[Ksplice][Debian 8.0 Updates] New Ksplice updates for Debian 8.0 Jessie (DLA 1884-1)
Oracle Ksplice
ksplice-support_ww at oracle.com
Thu Sep 5 04:46:05 PDT 2019
Synopsis: DLA 1884-1 can now be patched using Ksplice
CVEs: CVE-2017-18509 CVE-2018-20836 CVE-2019-10207 CVE-2019-10638 CVE-2019-1125 CVE-2019-13631 CVE-2019-14283 CVE-2019-14284 CVE-2019-15214 CVE-2019-15216 CVE-2019-15239 CVE-2019-3900
Systems running Debian 8.0 Jessie can now use Ksplice to patch against
the latest Debian kernel update, DLA 1884-1.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running Debian 8.0
Jessie install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
DESCRIPTION
* Potential kernel crash in UDF filesystem's truncate() error path.
An incorrectly handled error case in the truncate(2) syscall on a UDF
filesystem can trip a kernel BUG(), leading to a kernel panic. This
could potentially be exploited to cause a denial-of-service.
* Improved fix to Spectre v1: bounds-check bypass in various ALSA sound drivers.
Several arrays in subsystems of the ALSA sound device driver code are
potentially vulnerable to a Spectre variant 1 speculative execution
attack.
* Out-of-bounds memory access when changing PCM parameters on ALSA device.
When altering PCM parameters for an ALSA sound device, incorrect
ordering of allocations could result in an out-of-bounds memory access,
potentially resulting in memory corruption or a denial-of-service.
* NULL pointer dereference in fair scheduler load calculation.
A race condition in the fair scheduler code could lead to a NULL pointer
dereference and possible memory corruption or kernel panic.
* Denial-of-service in Xen ioctl when processing command input.
A failure to validate user input in the Xen ioctl code could result in an
out of bounds memory access, leading to possible memory corruption or a
kernel panic. This could be used for a denial-of-service attack.
* Memory leak in block bio layer when adding a page fails.
A failure to properly handle an error condition with adding a page in the
block bio layer results in a memory leak. This could be exploited to cause
a denial-of-service attack.
* Out-of-bounds access when getting USB string descriptor.
A logic error when getting USB string descriptor could lead to an
out-of-bounds access. A local attacker could use this flaw to cause a
denial-of-service.
* NULL pointer dereference when attaching Velleman VM110/VM140 USB Board fails.
A logic error when attaching Velleman VM110/VM140 USB Board fails could
lead to using an uninitialized semaphore and a NULL pointer dereference.
A local attacker could use this flaw to cause a denial-of-service.
* Memory leak in CIFS symlink query path.
A failure to close a file handle under certain conditions can lead to
a memory leak in the CIFS code path that deals with symlinks. This
flaw could potentially be exploited by a malicious local user to waste
system resources and degrade performance.
* Invalid memory access when renaming debugfs in Generic IEEE 802.11 Networking Stack.
A missing check when renaming debugfs in Generic IEEE 802.11 Networking
Stack could lead to an invalid memory access. A local attacker could use
this flaw to cause a denial-of-service.
* Denial-of-service to filesystem in CIFS rename code path.
If a path-based rename fails with EBUSY in cifs_do_rename on an SMB2+
mount, the kernel incorrectly falls back to an SMB1 (CIFS) open
operation, which causes the server to force a session close. This could
be exploited by an attacker to disrupt service to the filesystem.
* CVE-2019-15216: Use-after-free when removing a USB Yurex device.
A logic error when removing a USB Yurex device could lead to a
use-after-free. A local attacker could use this flaw to cause a
denial-of-service.
* Out-of-bounds access when connecting DS2490 USB to W1 transport layer for 1-wire.
A logic error when connecting DS2490 USB to W1 transport layer for
1-wire could lead to an out-of-bounds access. A local attacker could
use this flaw to cause a denial-of-service.
* Permission bypass when using ipv6 flowlabel manager.
A logic error in the IPv6 flow label manager could let a process with a
recycled PID configure a flow label owned by an earlier process that had
the same PID.
* CVE-2019-13631: Denial-of-service in GTCO CalComp/InterWrite tablet.
Missing range checks could allow an out-of-bounds stack memory write
when parsing USB descriptors. A physically present user could use a
malicious device to trigger an out-of-bounds access leading to a kernel
crash.
* CVE-2019-14284: Denial-of-service in floppy disk formatting.
A division by zero in the setup_format_params function for the floppy
disk driver could result in a kernel crash. A local user with access to
the floppy disk device could use this flaw to crash the system.
* CVE-2018-20836: Use-after-free in SCSI SAS timeout.
A logic error when performing task completion for a SCSI SAS SMP timeout
could result in a use-after-free and kernel crash.
* Denial-of-service when validating packet against xfrm policy.
A use-after-free in the received packet validation path of the xfrm
subsystem could cause the kernel to operate on freed memory. This could
cause a denial-of-service and might be exploited by an attacker to
hijack control flow.
* Potential denial-of-service while processing loopback data in Rose driver.
A failure to properly rate-limit the processing of the ROSE driver's
loopback_queue can lead to CPU lockups when the queue grows large.
This flaw could potentially be exploited by an attacker to cause a
denial-of-service.
* CVE-2019-14283: Denial-of-service in floppy disk geometry setting during insertion.
Missing input validation in the floppy disk geometry setting calls could
allow a malicious local user with access to the floppy device to cause
an out-of-bounds access either crashing the system or leaking the
contents of kernel memory.
* XSA-300: Denial-of-service in Xen memory ballooning.
A logic error in the Xen memory balloon device driver could result in
exhaustion of resources or crashes of the backend device drivers
resulting in IO stalls or guest failures. A local privileged user could
use this flaw to cause a denial of service.
* Potential system crash in IPv6 UDP core when UFO is enabled.
A logic error in the udp6_ufo_fragment function can lead to a NULL
pointer dereference, and subsequent kernel panic. This could
potentially be exploited by a remote attacker to cause a
denial-of-service.
* CVE-2017-18509: Denial-of-service in IPv6 multicast routing path.
A failure to properly verify certain socket properties before performing
operations on the sockets in the IPv6 multicast routing path can cause a
kernel panic. This flaw could potentially be exploited by a local
attacker to cause a denial-of-service.
* Potential deadlock in IIO core.
A lock ordering issue in the IIO device unregister path can lead to a
deadlock. This could be exploited by a local attacker with sufficient
privileges, in order to cause a denial-of-service.
* Memory leak while changing DCCP socket SP feature values.
Under certain conditions, it is possible for the __feat_register_sp
function to leak small amounts of memory. This could potentially be
exploited by a local attacker to waste system resources and degrade
performance, or to aid in another type of attack.
* Out-of-bounds memory access during btrfs image validation.
A failure to properly check the length of a particular string when
validating a btrfs image can lead to an out-of-bounds read. A local
attacker could potentially craft a special image to exploit this flaw,
which could cause a system to exhibit unexpected behavior.
* Potential use-after-free in Exar NIC driver.
When a DMA mapping operation fails while trying to allocate more mempool
space in the Exar NIC driver, a freed address will be returned from
__vxge_hw_blockpool_malloc instead of the expected NULL. This can lead
to a use-after-free scenario, which may cause a system to exhibit
unexpected behavior, including a potential denial-of-service.
* CVE-2019-1125: Information leak in kernel entry code when swapping GS.
A local attacker could speculatively access per-CPU data through a
user-controlled GS base on kernel entry paths where SWAPGS may be
skipped, and use the resulting side channel to leak information about
the running kernel that facilitates a further attack.
* CVE-2019-10207: Denial-of-service in Bluetooth UART driver.
A logic error in the HCI UART device open path can cause the kernel to
attempt to execute at a bad address, leading to a system panic. This
flaw could be exploited by a local attacker to cause a
denial-of-service.
* Multiple memory access violations in floppy driver.
A failure to properly check input from userspace can lead to either an
out-of-bounds read, or a bad pointer dereference in the floppy driver.
A local attacker with sufficient privileges could exploit these flaws
to cause a system to exhibit unexpected behavior, or to cause a
denial-of-service.
* CVE-2019-15239: Use-after-free in TCP write queue purge path.
A failure to properly zero out pointers to freed memory in the
tcp_write_queue_purge function can lead to a use-after-free scenario.
This could potentially cause a system to exhibit unexpected behavior,
and could lead to a denial-of-service.
* CVE-2019-15214: Use-after-free when connecting ALSA cards.
A race condition when connecting an ALSA sound device could result in
prematurely freeing associated data structures. A malicious device might
exploit this to cause a denial-of-service or memory corruption.
* Note: Oracle will not be providing a zero downtime update for CVE-2019-10638.
CVE-2019-10638 is a flaw in the IP ID generation code that could allow a
remote attacker to track a Linux host across networks by the IP ID
values it generates.
* Note: Oracle will not be providing a zero downtime update for CVE-2019-3900.
CVE-2019-3900 is a denial-of-service for vhost devices. Virtual Machine
hosts using vhost devices for networking untrusted guests should reboot
into a newer kernel to mitigate CVE-2019-3900.
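As an added verification step (example script written for this page, not part of the advisory or of Oracle's Uptrack tooling), the following POSIX shell script checks whether Uptrack will auto-install from uptrack.conf and compares the CVE list at the top of this advisory against a capture of installed updates. It assumes that uptrack-show prints one "[id] title" line per installed update and that the CVE-bearing titles match the descriptions above; the configuration file and the uptrack-show capture embedded below are constructed samples, and the two CVEs the notes above exclude are reported as reboot-only rather than as missing.

```shell
#!/bin/sh
# Added example, not part of the Ksplice advisory or of Oracle's tooling.
# Checks (1) whether Uptrack autoinstall is enabled and (2) which CVEs from
# DLA 1884-1 do not yet appear in a capture of `uptrack-show` output.
# The uptrack-show line format and the sample files below are assumptions.
# Against a real host:  uptrack-show > /tmp/show; report /etc/uptrack/uptrack.conf /tmp/show

# CVE list copied from the advisory header.
ADVISORY_CVES="CVE-2017-18509 CVE-2018-20836 CVE-2019-10207 CVE-2019-10638 \
CVE-2019-1125 CVE-2019-13631 CVE-2019-14283 CVE-2019-14284 CVE-2019-15214 \
CVE-2019-15216 CVE-2019-15239 CVE-2019-3900"
# CVEs the advisory says get no zero-downtime update: only a reboot fixes them.
REBOOT_ONLY_CVES="CVE-2019-10638 CVE-2019-3900"

# Returns 0 when an uncommented "autoinstall = yes" line is present in file $1.
autoinstall_enabled() {
    grep -Eiq '^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*yes[[:space:]]*$' "$1"
}

# Prints the Ksplice-covered advisory CVEs that are absent from the
# uptrack-show capture $1 (space separated; empty when all are applied).
missing_cves() {
    show="$1"; missing=""
    for cve in $ADVISORY_CVES; do
        case " $REBOOT_ONLY_CVES " in *" $cve "*) continue ;; esac
        # Anchor on non-digits so CVE-2019-1125 does not match CVE-2019-11250.
        if ! grep -Eq "(^|[^0-9])$cve([^0-9]|$)" "$show"; then
            missing="$missing $cve"
        fi
    done
    printf '%s\n' "${missing# }"
}

# Human-readable summary of both checks: $1 = uptrack.conf, $2 = capture.
report() {
    conf="$1"; show="$2"
    if autoinstall_enabled "$conf"; then
        echo "autoinstall: yes (updates apply automatically)"
    else
        echo "autoinstall: no  (run: /usr/sbin/uptrack-upgrade -y)"
    fi
    m=$(missing_cves "$show")
    if [ -n "$m" ]; then
        echo "not yet applied by Ksplice: $m"
    fi
    echo "reboot into the fixed Debian kernel for: $REBOOT_ONLY_CVES"
}

# --- constructed sample inputs (not taken from a real host) ---
SAMPLE_CONF=$(mktemp); SAMPLE_SHOW=$(mktemp)
trap 'rm -f "$SAMPLE_CONF" "$SAMPLE_SHOW"' EXIT
cat > "$SAMPLE_CONF" <<'EOF'
[Settings]
# autoinstall = yes      (commented out, so it must not count)
autoinstall = no
EOF
# Assumed uptrack-show layout: one "[id] title" line per installed update;
# the ids are placeholders. CVE-2019-15239 is deliberately left out.
cat > "$SAMPLE_SHOW" <<'EOF'
Installed updates:
[0000001a] CVE-2019-15216: Use-after-free when removing a USB Yurex device.
[0000001b] CVE-2019-13631: Denial-of-service in GTCO CalComp/InterWrite tablet.
[0000001c] CVE-2019-14284: Denial-of-service in floppy disk formatting.
[0000001d] CVE-2018-20836: Use-after-free in SCSI SAS timeout.
[0000001e] CVE-2019-14283: Denial-of-service in floppy disk geometry setting during insertion.
[0000001f] CVE-2017-18509: Denial-of-service in IPv6 multicast routing path.
[00000020] CVE-2019-1125: Information leak in kernel entry code when swapping GS.
[00000021] CVE-2019-10207: Denial-of-service in Bluetooth UART driver.
[00000022] CVE-2019-15214: Use-after-free when connecting ALSA cards.
EOF

report "$SAMPLE_CONF" "$SAMPLE_SHOW"
```

On the sample inputs the report says autoinstall is off, lists CVE-2019-15239 as not yet applied, and reminds the operator that CVE-2019-10638 and CVE-2019-3900 need a reboot. Matching on the CVE identifier rather than on the full title keeps the check robust to wording differences between this mail and what uptrack-show prints.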
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.