[Ksplice][Ubuntu-16.10-Updates] New Ksplice updates for Ubuntu 16.10 Yakkety (4.8.0-40.43)

[Oracle Ksplice]

Synopsis: 4.8.0-40.43 can now be patched using Ksplice

Systems running Ubuntu 16.10 Yakkety can now use Ksplice to patch
against the latest Ubuntu kernel update, 4.8.0-40.43.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Ubuntu 16.10
Yakkety install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* Deadlock in block multi-queue allocations causes denial-of-service.

Incorrectly specified memory page flags when initializing a block
multi-queue could cause the memory manager to attempt to reclaim the
memory it was currently allocating, causing a deadlock and
denial-of-service.


* Memory leak in AppArmor label merge.

When routinely merging AppArmor labels, the newly created label would be
created with an erroneously high reference count, leaking the label and
over time causing degraded system performance and a potential
denial-of-service.


* Denial-of-service when mounting AppArmor filesystem fails.

Incorrect logic in the error path when mounting the AppArmor filesystem
failed causes a kernel oops and denial-of-service.


* Memory leak in AppArmor labels if unused.

If an AppArmor label was created but never used, its reference count
would not be properly decremented and the memory would be leaked,
causing performance degradations and an eventual denial-of-service.


* Memory leak in AppArmor namespace when removing profiles.

Missing reference decrements would cause a leak of the AppArmor namespace
when removing profiles from a policy, causing performance degradation
and an eventual denial-of-service.


* Flock permission erroneously granted through AppArmor file cache.

If a file present in the AppArmor permissions cache was queried for the
flock permission, it would be granted instead of correctly audited.


* Memory leak in AppArmor SecurityFs inode setup.

Failing to release a reference to the AppArmor SecurityFs namespace
would cause it to become unreferenced, leaking memory and potentially
causing an eventual denial-of-service.


* Deadlock in AppArmor filesystem causes denial-of-service.

Invalid lock ordering when creating directories could cause a deadlock
with modifying AppArmor profiles, causing a deadlock and
denial-of-service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.