[Ksplice][Debian 8.0 Updates] New Ksplice updates for Debian 8.0 Jessie (3.16.74-1)

Oracle Ksplice ksplice-support_ww at oracle.com
Wed Sep 25 13:40:00 PDT 2019


Synopsis: 3.16.74-1 can now be patched using Ksplice
CVEs: CVE-2016-10905 CVE-2018-20976 CVE-2018-21008 CVE-2019-0136 CVE-2019-14814 CVE-2019-14815 CVE-2019-14816 CVE-2019-14821 CVE-2019-14835 CVE-2019-15117 CVE-2019-15118 CVE-2019-15211 CVE-2019-15212 CVE-2019-15215 CVE-2019-15218 CVE-2019-15219 CVE-2019-15220 CVE-2019-15221 CVE-2019-15292 CVE-2019-15807 CVE-2019-15917 CVE-2019-15926 CVE-2019-9506

Systems running Debian 8.0 Jessie can now use Ksplice to patch against
the latest Debian kernel update, 3.16.74-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Debian 8.0
Jessie install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
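
The check below is an added example, not part of Oracle's announcement: it reads an uptrack.conf-style file and reports whether "autoinstall = yes" is in effect, so you can tell which hosts still need the manual command. The function names are hypothetical, and it assumes only the literal value "yes" enables autoinstall and that the last assignment in the file wins.

```shell
#!/bin/sh
# Added example: decide whether a host needs a manual uptrack-upgrade run.
# Function names are hypothetical; only the value "yes" is treated as enabled.

# Print "yes" or "no" for the autoinstall setting in the given config file.
# Comment lines (# or ;) and section headers are ignored, whitespace and case
# are tolerated, and the last assignment wins. Missing file or key means "no".
autoinstall_value() {
    conf=$1
    [ -r "$conf" ] || { echo no; return 0; }
    awk '
        /^[ \t]*[#;]/ { next }               # skip commented-out settings
        {
            line = $0
            sub(/\r$/, "", line)             # tolerate CRLF line endings
            eq = index(line, "=")
            if (eq == 0) next                # section headers, blank lines
            key = substr(line, 1, eq - 1)
            val = substr(line, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (tolower(key) == "autoinstall") result = tolower(val)
        }
        END { if (result == "yes") print "yes"; else print "no" }
    ' "$conf"
}

# Succeeds (exit 0) when the updates will NOT be installed automatically.
needs_manual_upgrade() {
    [ "$(autoinstall_value "$1")" != "yes" ]
}

# Constructed sample config (not copied from a real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Settings]
# autoinstall = yes
autoinstall = no
EOF
if needs_manual_upgrade "$sample"; then
    echo "manual step needed: /usr/sbin/uptrack-upgrade -y"
else
    echo "autoinstall enabled: no action needed"
fi
rm -f "$sample"
```

On a real system, pass /etc/uptrack/uptrack.conf to needs_manual_upgrade instead of the sample file.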


DESCRIPTION

* CVE-2019-14835: Privilege escalation during live migration of guest.

The vhost driver fails to check for a guest creating a zero-length queue,
which can lead to a buffer overflow in the host kernel.  A guest virtual
machine could use this flaw to crash the host or potentially escalate
privileges when the virtual machine is live migrated.


* CVE-2019-15212: Denial-of-service when plugging in a malicious USB device.

Unsynchronized access to a global variable in the rio500 driver leads to
a memory leak and kernel crash. A malicious USB device could trigger this
vulnerability to cause a denial-of-service.


* CVE-2019-15215: Denial-of-service when disconnecting CPiA2 USB camera.

A use-after-free vulnerability in the V4L2 interface for CPiA2 USB
camera allows a malicious USB device to crash the kernel. An attacker
could exploit this to cause a denial-of-service.


* CVE-2019-15218: Denial-of-service in Siano Mobile Digital TV USB tuner probing.

Missing error checking when setting up endpoints for a Siano Mobile
Digital TV tuner could result in an invalid pointer dereference and
kernel crash.  A physically present user with a malicious device could
use this flaw to crash the system.


* CVE-2019-15221: Out-of-bounds write in Line6 POD USB audio interface driver.

The driver for Line6 POD USB audio interfaces allocates a buffer based
on the usb_maxpacket value reported by the device itself. A malicious
device could report a value of zero to cause an out-of-bounds write,
potentially resulting in memory corruption.


* Note: Oracle will not provide zero-downtime update for CVE-2019-15292.

The vulnerability only affects module unloading, which is a privileged
operation.


* CVE-2019-15807: Denial-of-service when expander discovery in SAS Domain Transport Attributes fails.

A logic error when expander discovery in SAS Domain Transport
Attributes fails could lead to a kernel assert. A local attacker could
use this flaw to cause a denial-of-service.


* CVE-2019-14821: Denial-of-service in KVM MMIO coalesced writes.

An out-of-bounds access to the coalesced MMIO ring buffer could result
in a kernel crash.  A malicious guest could use this flaw to crash the
hypervisor or, potentially, escalate privileges.


* CVE-2019-15926: Out-of-bounds access in Atheros mobile chipsets driver.

A missing check on a received network packet in the Atheros mobile
chipsets driver could lead to an out-of-bounds access. A local attacker
could use this flaw to cause a denial-of-service.


* CVE-2019-15219: Denial-of-service in USB 2.0 SVGA dongle driver when using a malicious USB device.

A logic error in the USB 2.0 SVGA dongle driver could lead to a NULL
pointer dereference. A local attacker could use this flaw and a malicious
USB device to cause a denial-of-service.


* Note: Oracle will not provide zero-downtime update for CVE-2019-15220.

The vulnerability is in firmware loading, which is a privileged
operation. Exploiting it also requires user interaction and physical
access to the system.


* CVE-2018-20976: Use-after-free when mounting XFS filesystem.

A logic error when mounting an XFS filesystem fails during super block
creation could lead to a use-after-free. A local attacker could use
this flaw to cause a denial-of-service.


* CVE-2019-9506: Information disclosure when transmitting over Bluetooth.

The Bluetooth BR/EDR specification permits a sufficiently low encryption key
length and does not prevent an attacker from influencing the key length
negotiation. This allows practical brute-force attacks (aka "KNOB") that can
decrypt traffic and inject arbitrary ciphertext without the victim noticing.

This update is the kernel fix that disallows arbitrarily short encryption
keys. However, the actual bug is in the protocol, so we encourage customers
to also upgrade the firmware on their Bluetooth devices.


* CVE-2016-10905: Use-after-free in GFS2 file system.

A logic error when using a resource group to keep track of block
allocation in a GFS2 filesystem could lead to a use-after-free. A local
attacker could use this flaw to cause a denial-of-service.


* CVE-2019-14814, CVE-2019-14815, CVE-2019-14816: Denial-of-service when parsing access point settings in Marvell WiFi-Ex driver.

Logic errors when parsing access point settings in Marvell WiFi-Ex
driver could lead to buffer overflows. A local attacker could use this
flaw to cause a denial-of-service.


* Note: Oracle will not provide a zero-downtime update for CVE-2019-15211.




* CVE-2019-15917: Use-after-free when registering Bluetooth HCI uart device.

A logic error when registering Bluetooth HCI uart device could lead to a
use-after-free. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2018-21008: Use-after-free when de-initializing mac80211 stack in Redpine Signals Inc 91x WLAN driver.

A logic error when de-initializing mac80211 stack in Redpine Signals Inc
91x WLAN driver could lead to a use-after-free. A local attacker could
use this flaw to cause a denial-of-service.


* CVE-2019-15117: Out-of-bounds access when parsing USB descriptor in ALSA USB driver.

A missing check when parsing USB descriptor in ALSA USB driver could
lead to an out-of-bounds access. A local attacker could use this flaw to
cause a denial-of-service.


* CVE-2019-15118: Stack overflow when checking input source type in ALSA USB driver.

A logic error when checking input source type in ALSA USB driver could
lead to a stack overflow. A local attacker could use this flaw to cause
a denial-of-service.


* CVE-2019-0136: Denial-of-service in Intel(R) wifi driver.

Insufficient access control in the Intel(R) PROSet/Wireless WiFi driver
may allow an unauthenticated user in the same network to cause a
denial-of-service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.
