[Ksplice-Fedora-28-updates] New Ksplice updates for Fedora 28 (FEDORA-2018-c03ba71e1d)

Oracle Ksplice ksplice-support_ww at oracle.com
Wed Jul 25 06:14:59 PDT 2018


Synopsis: FEDORA-2018-c03ba71e1d can now be patched using Ksplice
CVEs: CVE-2017-5753 CVE-2018-10876 CVE-2018-10877 CVE-2018-10879 CVE-2018-10880 CVE-2018-10881 CVE-2018-10882 CVE-2018-10883

Systems running Fedora 28 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2018-c03ba71e1d.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Fedora 28
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
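
As an added example (not part of Oracle's announcement), the following shell functions check which of the two cases above applies to a host by reading uptrack.conf. The example assumes that only the "autoinstall = yes" form quoted above counts as enabled, and treats any other value, or a missing or commented-out key, as needing a manual upgrade; the function names are illustrative.

```shell
#!/bin/sh
# Added example: decide whether this host installs Ksplice updates by itself.
# uptrack_autoinstall_mode prints "auto", "manual" or "missing".
uptrack_autoinstall_mode() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    [ -r "$conf" ] || { echo missing; return 0; }
    awk '
        /^[ \t]*[#;]/ { next }              # a commented-out setting does not count
        {
            line = $0
            sub(/\r$/, "", line)            # tolerate CRLF line endings
            eq = index(line, "=")
            if (eq == 0) next               # section headers, blank lines
            key = tolower(substr(line, 1, eq - 1))
            val = tolower(substr(line, eq + 1))
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            # Assumption: only "yes" enables autoinstall; the last setting wins.
            if (key == "autoinstall") mode = (val == "yes") ? "auto" : "manual"
        }
        END {
            if (mode == "") mode = "manual" # key absent: treat as manual
            print mode
        }
    ' "$conf"
}

# Translate the mode into the action the announcement describes.
uptrack_next_step() {
    case $(uptrack_autoinstall_mode "$1") in
        auto)    echo "no action needed: updates install automatically" ;;
        manual)  echo "run as root: /usr/sbin/uptrack-upgrade -y" ;;
        missing) echo "uptrack.conf not readable: is Ksplice Uptrack installed?" ;;
    esac
}

# Check the default config path, or a path given as the first argument.
uptrack_next_step "${1:-/etc/uptrack/uptrack.conf}"
```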


DESCRIPTION

* Out-of-bounds memory write in tracing subsystem histogram error reporting.

A logic error when copying a string while reporting an error in the
tracing subsystem can result in an out-of-bounds stack write, leading to
undefined behavior or a kernel crash.


* Denial-of-service in sg read/write implementation.

An unsafe implementation of read/write in the sg driver can result in
userspace being able to corrupt kernel memory. A local user with access
to an sg device could use this flaw to cause undefined behavior or a
kernel crash, leading to a denial-of-service.


* Denial-of-service when setting CIFS extended attribute.

A failure to free memory when setting an extended attribute in a CIFS
filesystem can lead to a memory leak. A local user with access to a CIFS
filesystem could use this flaw to exhaust system memory, leading to a
denial-of-service.


* Denial-of-service in CIFS filesystem mount.

A failure to correctly handle signals during a CIFS mount operation can
result in an infinite loop. A local user with the ability to mount a
CIFS filesystem could use this flaw to cause a denial-of-service.


* Denial-of-service in netfilter log target.

Incorrect locking in the netfilter log target can result in deadlock
when accessing memory backed by a userfaultfd region. A local user with
access to netfilter and userfaultfd could use this flaw to cause a
denial-of-service.


* Improved fix for CVE-2017-5753: Indirect branch speculation.

Information controlled by userspace can be used to disclose kernel
memory via speculation in the Human Input Device driver. A local user
could use this flaw to facilitate a further attack on the system.


* CVE-2018-10883: Out-of-bounds access in ext4 block journal handling.

A logic error in ext4 block journal handling could lead to an
out-of-bounds access. A local attacker could use this flaw with a
crafted ext4 filesystem to cause a denial-of-service.


* CVE-2018-10879: Use-after-free when setting extended attribute entry on ext4 filesystem.

A logic error when setting an extended attribute entry on an ext4
filesystem could lead to a use-after-free. A local attacker could use
this flaw with a crafted ext4 filesystem to cause a denial-of-service.


* CVE-2018-10876: Use-after-free when removing space in ext4 filesystem.

A logic error when removing space in an ext4 filesystem could lead to a
use-after-free. A local attacker could use this flaw with a crafted ext4
image to cause a denial-of-service.


* CVE-2018-10877: Out-of-bounds access when using corrupted ext4 filesystem with abnormal extent tree.

A missing check when using a corrupted ext4 filesystem with an abnormal
extent tree could lead to an out-of-bounds access. A local attacker
could use this flaw with a crafted ext4 image to cause a
denial-of-service.


* CVE-2018-10881: Data corruption when using indirect blocks with ext4 filesystem.

Missing data zeroing when using indirect blocks with an ext4 filesystem
could lead to data corruption or a kernel assert. A local attacker could
use this flaw to cause a denial-of-service.


* CVE-2018-10880: Out-of-bounds access when making inode space in ext4 filesystem.

A logic error when making inode space in an ext4 filesystem could lead
to an out-of-bounds access. A local attacker could use this flaw with a
crafted ext4 image to cause a denial-of-service.


* CVE-2018-10882: Out-of-bounds access when unmounting a crafted ext4 filesystem.

A logic error when unmounting a crafted ext4 filesystem could lead to an
out-of-bounds access. A local attacker could use this flaw to cause a
denial-of-service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.




