[Ksplice-Fedora-28-updates] New Ksplice updates for Fedora 28 (FEDORA-2018-cc812838fb)

Oracle Ksplice ksplice-support_ww at oracle.com
Mon Aug 13 09:37:28 PDT 2018


Synopsis: FEDORA-2018-cc812838fb can now be patched using Ksplice
CVEs: CVE-2018-5390

Systems running Fedora 28 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2018-cc812838fb.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Fedora 28
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
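
The following is an added example, not part of the Ksplice advisory or of Oracle's tooling: a shell check of whether a host's uptrack.conf has "autoinstall = yes" or still needs the manual upgrade command above. The function names and the sample file contents are assumptions made for illustration, and only the literal value "yes" is treated as enabled.

```shell
#!/bin/sh
# Added example: decide whether a host installs Ksplice updates on its own
# or still needs a manual "/usr/sbin/uptrack-upgrade -y" run.

# Print the effective "autoinstall" value from an uptrack.conf-style file.
# Ignores comment lines, surrounding whitespace and letter case; if the key
# appears more than once, the last assignment wins.
# Prints "unset" when the key is absent and "unreadable" when the file
# cannot be read.
uptrack_autoinstall_value() {
    conf=$1
    [ -r "$conf" ] || { echo "unreadable"; return 0; }
    awk -F= '
        /^[ \t]*[#;]/ { next }            # commented-out settings do not count
        NF >= 2 {
            key = $1; gsub(/[ \t]/, "", key)
            if (tolower(key) == "autoinstall") {
                val = $2; gsub(/[ \t\r]/, "", val)
                found = tolower(val)
            }
        }
        END { print (found == "" ? "unset" : found) }
    ' "$conf"
}

# Print "automatic" only for an explicit "yes" (assumption: any other value,
# a missing key or an unreadable file is reported as "manual" so the host
# gets looked at rather than silently skipped).
uptrack_install_mode() {
    case "$(uptrack_autoinstall_value "$1")" in
        yes) echo "automatic" ;;
        *)   echo "manual" ;;
    esac
}

# Constructed sample configuration (not taken from a real host): the only
# "yes" is commented out, so the effective setting is "no".
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Settings]
# autoinstall = yes
  AutoInstall =  no
EOF
echo "sample host: $(uptrack_install_mode "$sample")"
rm -f "$sample"
```

On a real system, pass /etc/uptrack/uptrack.conf to uptrack_install_mode; a result of "manual" means the upgrade command above still has to be run.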


DESCRIPTION

* Denial-of-service in QLogic 2xxx fcport search.

A logic error in the QLogic 2xxx driver could lead to a NULL pointer
dereference during a fcport search.  This could be exploited to cause
a denial-of-service.


* Denial-of-service in ALSA rawmidi ioctl.

Race conditions in the SNDRV_RAWMIDI_IOCTL_PARAMS ioctl code could result
in memory corruption.  This could be exploited to cause a denial-of-service.


* Denial-of-service in non-hierarchical memory cgroup iteration.

A logic error in the memory cgroup code could lead to kernel memory
corruption and a kernel crash when iterating over cgroups.  This could
be exploited to cause a denial-of-service.


* Improved fix for Spectre v1: Information leak in VFIO PCI ioctl.

A missing sanitization of array index in the VFIO PCI ioctl code
could lead to an information leak.  A local attacker could use this flaw
to leak information about the running system.


* Memory corruption with Nouveau Multi-Stream Transport connectors.

Several race conditions in the Nouveau driver code when looping through
MST connectors can lead to memory corruption or kernel panic.  This could
be exploited to cause a denial-of-service.


* Denial-of-service in IPv4 TCP socket close.

A logic error in the TCP abort code results in sockets being freed
twice, leading to possible memory corruption or a kernel panic. This
could be exploited to cause a denial-of-service.


* Denial-of-service in kernel rhashtable destruction.

A logic error in rhashtable could result in some elements not being
properly freed, leading to memory corruption and kernel panic.  This could
be used to cause a denial-of-service.


* Use-after-free in IPv6 GRE tunnel transmission.

A logic error in the IPv6 GRE code could result in a use-after-free
condition, causing possible memory corruption or kernel panic.  This
could be used to cause a denial-of-service.


* Information leak in IPv6 raw sockets with IP(V6)_ORIGDSTADDR.

A specially crafted IPv6 packet could force the IPv6 code to read beyond
the end of a buffer, causing a potential information leak of kernel
memory.


* Denial-of-service in IP skbuff error handling.

A logic error in the handling of errors in the skbuff code could lead
to a NULL pointer dereference, and subsequent kernel panic.  This could
be used to cause a denial-of-service.


* CVE-2018-5390: Denial-of-service when receiving misordered TCP packets.

A malicious remote user can send large numbers of out-of-order TCP
packets, causing the local server to waste time processing its local
data structures and resulting in an effective denial-of-service.


* Denial-of-service in Linux Screen Reader speakup read.

A logic error in the read function on the speakup driver could result
in unbounded kernel memory writes, causing memory corruption and a kernel
crash.  A malicious user could use this to cause a denial-of-service.


* Denial-of-service in USB xhci endpoint reset.

A logic error in the xhci code could result in a memory leak
during an endpoint reset operation.  This could be used to
cause a denial-of-service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.




