[Ksplice][Debian 9.0 Updates] New Ksplice updates for Debian 9.0 Stretch (4.9.189-3)

Oracle Ksplice ksplice-support_ww at oracle.com
Thu Oct 17 06:25:04 PDT 2019


Synopsis: 4.9.189-3 can now be patched using Ksplice
CVEs: CVE-2017-0861 CVE-2019-0136 CVE-2019-11487 CVE-2019-15212 CVE-2019-15215 CVE-2019-15216 CVE-2019-15218 CVE-2019-15219 CVE-2019-15220 CVE-2019-15221 CVE-2019-15538 CVE-2019-15666 CVE-2019-15807 CVE-2019-15926 CVE-2019-9506

Systems running Debian 9.0 Stretch can now use Ksplice to patch
against the latest Debian kernel update, 4.9.189-3.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Debian 9.0
Stretch install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
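An added helper, not part of the Ksplice announcement, for deciding whether a host is covered by autoinstall or needs the manual run above. The config path, its exact layout and the sample contents are assumptions; the parser only looks for the "autoinstall" key named in this notice.

```shell
# Return 0 when the Uptrack config enables autoinstall, 1 otherwise.
# Comments, blank lines and whitespace around '=' are tolerated, and the
# key and value are matched case-insensitively; the last definition wins.
uptrack_autoinstall_enabled() {
    conf="${1:-/etc/uptrack/uptrack.conf}"
    [ -r "$conf" ] || return 1
    value=$(sed -e 's/[#;].*$//' "$conf" \
        | grep -i '^[[:space:]]*autoinstall[[:space:]]*=' \
        | tail -n 1 \
        | sed -e 's/^[^=]*=[[:space:]]*//' -e 's/[[:space:]]*$//' \
        | tr 'A-Z' 'a-z')
    [ "$value" = "yes" ]
}

# Print "autoinstall" when no action is needed, "manual" otherwise.
# The upgrade command from the notice only runs when "--apply" is passed,
# so the check itself is safe to run during an audit.
uptrack_plan() {
    if uptrack_autoinstall_enabled "$1"; then
        echo "autoinstall"
    else
        echo "manual"
        if [ "$2" = "--apply" ]; then
            /usr/sbin/uptrack-upgrade -y
        fi
    fi
}

# Demo on a constructed sample config (not a real host's file).
demo=$(mktemp)
printf '# constructed sample\nautoinstall = yes\n' > "$demo"
uptrack_plan "$demo"
rm -f "$demo"
```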


DESCRIPTION

* CVE-2019-15216: Use-after-free when removing a USB Yurex device.

A logic error when removing a USB Yurex device could lead to a
use-after-free. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2019-9506: Information disclosure when transmitting over Bluetooth.

The Bluetooth BR/EDR specification permits sufficiently low encryption key
length and does not prevent an attacker from influencing the key length
negotiation. This allows practical brute-force attacks (aka "KNOB") that can
decrypt traffic and inject arbitrary ciphertext without the victim noticing.

This is the kernel-side fix, which disallows arbitrarily short encryption
keys. However, the actual bug is in the protocol, so we encourage customers
to also upgrade the firmware on their Bluetooth devices.


* Improved fix to CVE-2017-0861: Use-after-free in ALSA sound subsystem.

A race condition when closing an ALSA device descriptor could cause a
use-after-free, potentially allowing an attacker to write to protected
memory and cause a privilege escalation.


* CVE-2019-15212: Denial-of-service plugging in malicious USB device.

Unsynchronized access to a global variable in the rio500 driver leads to
a memory leak and kernel crash. A malicious USB device could trigger this
vulnerability to cause a denial-of-service.


* CVE-2019-15218: Denial-of-service in Siano Mobile Digital TV USB tuner probing.

Missing error checking when setting up endpoints for a Siano Mobile
Digital TV tuner could result in an invalid pointer dereference and
kernel crash. A physically present user with a malicious device could
use this flaw to crash the system.


* CVE-2019-15807: Denial-of-service when discovering expander in SAS Domain Transport Attributes fails.

A logic error when expander discovery in SAS Domain Transport Attributes
fails could lead to a kernel assertion failure. A local attacker could
use this flaw to cause a denial-of-service.


* CVE-2019-15221: Out-of-bounds write in Line6 POD USB audio interface driver.

The driver for Line6 POD USB audio interfaces allocates a buffer based
on the usb_maxpacket value reported by the device itself. A malicious
device could report a value of zero to cause an out-of-bounds write,
potentially resulting in memory corruption.


* Note: Oracle will not provide a zero-downtime update for CVE-2019-15220.

The vulnerability is in firmware loading, which is a privileged
operation. Triggering it also requires user interaction and physical
access to the system.


* CVE-2019-15215: Denial-of-service when disconnecting CPiA2 USB camera.

A use-after-free vulnerability in the V4L2 interface for CPiA2 USB
camera allows a malicious USB device to crash the kernel. An attacker
could exploit this to cause a denial-of-service.


* CVE-2019-11487: Invalid memory access when overflowing pages refcount.

A reference count issue could let an attacker overflow the page reference
count, leading to invalid memory accesses. A local attacker could use
this flaw to cause a denial-of-service.


* CVE-2019-15538: Denial-of-service in XFS filesystem with Quota support enabled.

A locking error when an XFS filesystem raises its quota limit could let
a local or remote attacker cause a denial-of-service using chgrp on such
a filesystem.


* CVE-2019-0136: Denial-of-service in Intel(R) wifi driver.

Insufficient access control in the Intel(R) PROSet/Wireless WiFi driver
may allow an unauthenticated user in the same network to cause a
denial-of-service.


* CVE-2019-15666: Denial-of-service when setting network xfrm policy.

A missing check on user input when setting network xfrm policy from
userspace could lead to an out-of-bounds access. A local attacker could
use this flaw to cause a denial-of-service.


* CVE-2019-15219: Denial-of-service in USB 2.0 SVGA dongle driver when using a malicious USB device.

A logic error in the USB 2.0 SVGA dongle driver could lead to a NULL
pointer dereference. A local attacker could use this flaw and a malicious
USB device to cause a denial-of-service.


* CVE-2019-15926: Out-of-bounds access in Atheros mobile chipsets driver.

A missing check on received network packets in the Atheros mobile chipsets
driver could lead to an out-of-bounds access. A local attacker could use
this flaw to cause a denial-of-service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.
