[Ksplice][Debian 9.0 Updates] New Ksplice updates for Debian 9.0 Stretch (4.9.228-1)

Thu Jul 30 13:04:56 PDT 2020

Synopsis: 4.9.228-1 can now be patched using Ksplice
CVEs: CVE-2018-9517 CVE-2019-14895 CVE-2019-16233 CVE-2019-16234 CVE-2020-10690 CVE-2020-12769 CVE-2020-12826 CVE-2020-13974 CVE-2020-1749 CVE-2020-2732

Systems running Debian 9.0 Stretch can now use Ksplice to patch
against the latest Debian kernel update, 4.9.228-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Debian 9.0
Stretch install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

DESCRIPTION

* CVE-2019-16234: NULL pointer dereference when registering Intel Wireless WiFi driver.

A logic error in error path when registering Intel Wireless WiFi driver
fails on workqueue allocation could lead to a NULL pointer dereference.
A local attacker could use this flaw to cause a denial-of-service.

* Improved fix for CVE-2019-14895: Denial-of-service when receiving Country WLAN element in Marvell WiFi-Ex driver.

A logic error when receiving Country WLAN element in Marvell WiFi-Ex
driver could lead to an invalid memory access. A local attacker could
use this flaw to cause a denial-of-service.

* CVE-2020-12769: Denial-of-service in Designware SPI transfers.

A race condition between reading and writing in the Designware SPI
driver can result in a kernel crash. A local user could use this flaw to
cause a denial-of-service.

* CVE-2019-16233: NULL pointer dereference when registering QLogic Fibre Channel driver.

A missing check when registering QLogic Fibre Channel driver fails could
lead to a NULL pointer dereference. A local attacker could use this flaw
to cause a denial-of-service.

* CVE-2020-2732: Privilege escalation in Intel KVM nested emulation.

Incorrect handling of emulated instructions and IO bitmaps could allow
an unprivileged user in a nested KVM guest instance to crash the system
or potentially, escalate privileges.

* CVE-2020-1749: Information disclosure in IPv6 IPSec tunneling.

A logic error in the IPv6 implementation of IPSec can lead to some
protocols being routed outside of the IPSec tunnel in an unencrypted
form. A network based attacker could use this flaw to read confidential
information.

* CVE-2020-13974: Integer overflow in virtual terminal keyboard interface.

Improper handling of ASCII key events in the kernel's virtual terminal
driver could lead to an integer overflow on repeated keypresses. This
could potentially result in an unspecified security impact.

* CVE-2018-9517: Privilege escalation in L2TP session creation.

A race condition during L2TP session creation could result in memory
corruption.  A local, unprivileged user could use this flaw to trigger a
use-after-free and elevate privileges.

* Note: Oracle will not provide zero-downtime update for CVE-2020-10690.

The vulnerability requires module loading/unloading privileges to cause a
use-after-free.

* Information leak when accessing IOAPIC register in KVM.

Array access for IOAPIC register is missing protection against Spectre
v1-type attack. An attacker could exploit this bug to read privileged
kernel memory.

* CVE-2020-12826: Privilege escalation in process signal handling.

A logic error in the way signal are passed from child to parent could
lead to a child sending any signal to a parent. A local attacker could
use this flaw to escalate privileges.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.