[Ksplice-Fedora-28-updates] New Ksplice updates for Fedora 28 (FEDORA-2018-3857a8b41a)

Oracle Ksplice ksplice-support_ww at oracle.com
Mon Dec 17 13:50:17 PST 2018


Synopsis: FEDORA-2018-3857a8b41a can now be patched using Ksplice
CVEs: CVE-2017-5754

Systems running Fedora 28 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2018-3857a8b41a.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Fedora 28
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* NULL dereference while cloning files on CIFS.

There is a potential NULL dereference while cloning a range of bytes for
copy-on-write on a CIFS filesystem.  This could potentially be exploited
by a local attacker to cause a denial-of-service.


* Denial-of-service reading CIFS extended attributes.

A logic error in the CIFS code to list extended file attributes can cause a
kernel assertion to fail, resulting in a kernel panic.  This could be
exploited by a local attacker to cause a denial-of-service.


* Denial-of-service in netfilter's local IPv6 defragmentation path.

When processing locally generated IPv6 fragments, a logic error in the
netfilter defragmentation path can lead to a kernel panic.  A malicious
local attacker could exploit this flaw to cause a denial-of-service
by generating specially crafted IPv6 traffic.


* Information leak in block subsystem core.

A failure to zero out a buffer before copying it to userspace can lead
to kernel memory being leaked to userspace.  A malicious local attacker
could exploit this flaw to gain information about the running system.
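The bug class behind this entry (a reply structure whose untouched bytes still hold whatever was on the kernel stack, copied out wholesale) is easy to model outside the kernel. The following is an added userspace C example, not Ksplice or Linux code: a "kernel stack" region is deliberately primed with a constructed marker byte standing in for stale kernel data, `copy_to_user_sim()` is a plain `memcpy()` stand-in for `copy_to_user()`, and `struct reply` with its unused `reserved` field is a hypothetical ioctl reply layout. The vulnerable filler sets only the fields it cares about; the fixed filler zeroes the whole structure first, which is the usual remediation for this class of leak.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not kernel code: models "buffer not zeroed before
 * copy_to_user()" in plain userspace C. */

#define REGION_SIZE 64
#define STALE_BYTE  0xA5   /* constructed marker for leftover kernel data */

/* Hypothetical reply layout with no padding: three 32-bit fields.
 * The fill logic never writes 'reserved'. */
struct reply {
    uint32_t status;
    uint32_t value;
    uint32_t reserved;
};

/* The reply is built inside this region, which also carries stale bytes. */
union stack_region {
    struct reply r;
    uint8_t bytes[REGION_SIZE];
};

/* Stand-in for copy_to_user(): just copies into the caller's buffer. */
static void copy_to_user_sim(void *user_dst, const void *kernel_src, size_t n)
{
    memcpy(user_dst, kernel_src, n);
}

/* Simulate a kernel stack that still holds data from earlier work. */
static void prime_stale_stack(union stack_region *region)
{
    memset(region->bytes, STALE_BYTE, REGION_SIZE);
}

/* Vulnerable pattern: set the interesting fields, copy the whole struct.
 * 'reserved' still holds whatever the stack contained before. */
static void vulnerable_fill(uint8_t *user_buf)
{
    union stack_region region;
    prime_stale_stack(&region);
    region.r.status = 1;
    region.r.value = 42;
    copy_to_user_sim(user_buf, &region.r, sizeof region.r);
}

/* Fixed pattern: zero the structure before filling it, so every byte
 * that reaches userspace was explicitly initialised. */
static void fixed_fill(uint8_t *user_buf)
{
    union stack_region region;
    prime_stale_stack(&region);
    memset(&region.r, 0, sizeof region.r);
    region.r.status = 1;
    region.r.value = 42;
    copy_to_user_sim(user_buf, &region.r, sizeof region.r);
}

/* Count bytes of the copied-out reply that still carry the stale marker.
 * A non-zero result means kernel data reached userspace. */
static int count_leaked_bytes(void (*fill)(uint8_t *))
{
    uint8_t user_buf[sizeof(struct reply)];
    int leaked = 0;
    fill(user_buf);
    for (size_t i = 0; i < sizeof user_buf; i++)
        if (user_buf[i] == STALE_BYTE)
            leaked++;
    return leaked;
}

int main(void)
{
    printf("vulnerable: %d stale bytes leaked\n", count_leaked_bytes(vulnerable_fill));
    printf("fixed:      %d stale bytes leaked\n", count_leaked_bytes(fixed_fill));
    return 0;
}
```

With this layout the vulnerable path leaks the four bytes of `reserved`; in real drivers the same thing happens through compiler-inserted padding, which is why zeroing the whole object (rather than assigning every named field) is the robust fix.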


* Potential NULL dereference in Ceph quota check.

A logic error in the Ceph filesystem's quota check path can lead to a
NULL pointer dereference, and subsequent kernel panic.  This could
potentially be used to cause a denial-of-service.


* Denial-of-service in Intel E800 series NIC driver.

A logic error in the Intel E800 series NIC driver's handling of the
Rx/Tx pause parameter can result in a link failure that requires a
cold power cycle to correct.  This could be exploited to cause a
denial-of-service.


* Multiple memory leaks in QLogic QED driver.

Several logic errors in the QLogic QED driver can lead to memory leaks.
These flaws could potentially be exploited to waste system resources
and degrade performance.


* List corruption in QLogic QED driver.

Under certain conditions, an error path in the QLogic QED driver can
fail to properly delete objects from a list.  Reusing those objects
later can then corrupt that list.  This could lead to unexpected
behavior.


* AQtion Ethernet controller driver accepts packets with bad checksums.

A logic error during packet checksum verification in the AQtion
Ethernet controller driver can lead to packets with bad checksums being
treated as valid packets.  This could lead to unexpected behavior.


* Improved fix for CVE-2017-5754: Information leak in modify_ldt syscall.

The modify_ldt syscall leaves the original LDT mapping in the userspace
page tables before switching to the new one.  Meltdown-like attacks can
be used to leak information stored in the pages referenced by these
leftover mappings.


* NULL dereference while loading userspace I/O driver.

The userspace I/O driver can potentially attempt to access an
uninitialized pointer while the module is loading.  This leads
to a NULL dereference and subsequent kernel panic.  This flaw
could potentially be exploited to cause a denial-of-service.


* Improper memory accesses in the Kvaser CAN/USB interface driver.

Attempts to access uninitialized or freed memory in the Kvaser CAN/USB
interface driver can lead a system to exhibit unexpected behavior.


* Improved fix for Spectre v1: Information leak in SGI GRU driver.

An unsanitized user-controlled value is used as an index to a buffer
in SGI's Global Reference Unit driver.  This could be exploited to leak
information about the running system.
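A Spectre v1 fix of this kind usually does not change the bounds check itself; it clamps the index after the check so that even a mispredicted branch cannot speculatively read past the buffer. The block below is an added userspace C example, not the SGI GRU driver's patch: it re-implements the branch-free masking that the mainline kernel's `array_index_nospec()` helper uses (an index below `size` yields an all-ones mask, anything else yields zero) and applies it to a constructed eight-entry table in a hypothetical `nospec_lookup()`. The speculative behaviour itself cannot be observed from this code; what it shows is that the clamp is correct architecturally and costs no branch.

```c
#include <limits.h>
#include <stdio.h>

/* Added example, not kernel or driver code: branch-free index clamping
 * in the style of the kernel's array_index_nospec(). */

/* Returns ~0UL when index < size, 0 otherwise, without a branch.
 * Requires size <= LONG_MAX (the kernel enforces this at build time).
 * If index < size, both index and (size - 1 - index) have the top bit
 * clear, so ~(their OR) is negative and the arithmetic shift gives -1.
 * If index >= size, (size - 1 - index) wraps negative, the OR has the
 * top bit set, ~ clears it, and the shift gives 0. */
static unsigned long array_index_mask_nospec(unsigned long index,
                                             unsigned long size)
{
    return ~(long)(index | (size - 1UL - index)) >> (sizeof(long) * CHAR_BIT - 1);
}

/* Clamp index into [0, size): unchanged when in bounds, 0 otherwise. */
static unsigned long array_index_nospec(unsigned long index, unsigned long size)
{
    return index & array_index_mask_nospec(index, size);
}

/* Constructed lookup table standing in for a driver-owned buffer. */
#define TABLE_SIZE 8UL
static const int table[TABLE_SIZE] = { 10, 20, 30, 40, 50, 60, 70, 80 };

/* Pattern before the fix: the bounds check is correct, but the load at
 * table[idx] can still execute under misprediction with an
 * attacker-chosen idx. Returns -1 for out-of-range input. */
static int vulnerable_lookup(unsigned long idx)
{
    if (idx >= TABLE_SIZE)
        return -1;
    return table[idx];
}

/* Pattern after the fix: same check, but the index used for the load is
 * clamped so a speculative path can only ever touch table[0..7]. */
static int nospec_lookup(unsigned long idx)
{
    if (idx >= TABLE_SIZE)
        return -1;
    idx = array_index_nospec(idx, TABLE_SIZE);
    return table[idx];
}

int main(void)
{
    unsigned long probes[] = { 0, 3, 7, 8, 100, ULONG_MAX };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++)
        printf("idx %lu -> mask 0x%lx, clamped %lu, lookup %d\n",
               probes[i],
               array_index_mask_nospec(probes[i], TABLE_SIZE),
               array_index_nospec(probes[i], TABLE_SIZE),
               nospec_lookup(probes[i]));
    return 0;
}
```

Both lookups return the same values for every input; the difference is only in what address the load instruction can be steered toward while the branch outcome is still being resolved, which is exactly the window the "improved fix" closes.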


* Information leak in uhid character device driver.

Under certain circumstances, the uhid character device driver will
allow kernel memory to be copied from a user specified location.  This
flaw could be exploited to leak information about the running system.


* NULL dereference in DRM open path.

Improper handling of an error condition while attempting to open the
/dev/drm device file can lead to a NULL dereference and subsequent
kernel panic.  This could potentially be used by a local attacker to
cause a denial-of-service.


* Potential memory corruption in inode truncation path.

A logic error in the memory manager's inode truncation path can lead to
an inode not being properly cleaned up.  If another file is created with
the same inode, it is possible to read old leftover data, instead of
the expected data, when attempting to read the new file.  This could
cause a system to exhibit unexpected behavior.


* Denial-of-service in KVM IOAPIC scan.

A missing safety check in KVM's IOAPIC scan path can cause the kernel
to attempt to access certain objects that have not been initialized.
This can cause unexpected behavior, including a potential system crash.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.
