[Ksplice-Fedora-28-updates] New Ksplice updates for Fedora 28 (FEDORA-2018-cc812838fb)
Oracle Ksplice
ksplice-support_ww at oracle.com
Mon Aug 13 09:37:28 PDT 2018
Synopsis: FEDORA-2018-cc812838fb can now be patched using Ksplice
CVEs: CVE-2018-5390
Systems running Fedora 28 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2018-cc812838fb.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running Fedora 28
install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
DESCRIPTION
* Denial-of-service in QLogic 2xxx fcport search.
A logic error in the QLogic 2xxx driver could lead to a NULL pointer
dereference during a fcport search. This could be exploited to cause
a denial-of-service.
* Denial-of-service in ALSA rawmidi ioctl.
Race conditions in the SNDRV_RAWMIDI_IOCTL_PARAMS ioctl code could result
in memory corruption. This could be exploited to cause a denial-of-service.
* Denial-of-service in non-hierarchical memory cgroup iteration.
A logic error in the memory cgroup code could lead to kernel memory
corruption and a kernel crash when iterating over cgroups. This could
be exploited to cause a denial-of-service.
* Improved fix for Spectre v1: Information leak in VFIO PCI ioctl.
A missing sanitization of array index in the VFIO PCI ioctl code
could lead to an information leak. A local attacker could use this flaw
to leak information about the running system.
* Memory corruption with Nouveau Multi-Stream Transport connectors.
Several race conditions in the Nouveau driver code when looping through
MST connectors can lead to memory corruption or kernel panic. This could
be exploited to cause a denial-of-service.
* Denial-of-service in IPv4 TCP socket close.
A logic error in the TCP abort code results in sockets being freed
twice, leading to possible memory corruption or a kernel panic. This
could be exploited to cause a denial-of-service.
* Denial-of-service in kernel rhashtable destruction.
A logic error in rhashtable could result in some elements not being
properly freed, leading to memory corruption and kernel panic. This could
be used to cause a denial-of-service.
* Use-after-free in IPv6 GRE tunnel transmission.
A logic error in the IPv6 GRE code could result in an use-after-free
condition, causing possible memory corruption or kernel panic. This
could be used to cause a denial-of-service.
* Information leak in IPv6 raw sockets with IP(V6)_ORIGDSTADDR.
A specially crafted IPv6 packet could force the IPv6 code to read beyond
the end of a buffer, causing a potential information leak of kernel
memory.
* Denial-of-service in IP skbuff error handling.
A logic error in the handling of errors in the skbuff code could lead
to a NULL pointer dereference, and subsequent kernel panic. This could
be used to cause a denial-of-service.
* CVE-2018-5390: Denial-of-service when receiving misordered TCP packets.
A malicious remote user can send large numbers of out-of-order TCP
packets, causing the local server to waste time processing its local
data structures and resulting in an effective denial-of-service.
* Denial-of-service in Linux Screen Reader speakup read.
A logic error in the read function on the speakup driver could result
in unbounded kernel memory writes, causing memory corruption and a kernel
crash. A malicious user could use this to cause a denial-of-service.
* Denial-of-service in USB xhci endpoint reset.
A logic error in the xhci code could result in a memory leak
during a endpoint reset operation. This could be used to
cause a denial-of-service.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.
More information about the Ksplice-Fedora-28-Updates
mailing list