[Ksplice-Fedora-28-updates] New Ksplice updates for Fedora 28 (FEDORA-2018-ab23a7ca88)

Oracle Ksplice ksplice-support_ww at oracle.com
Mon Jul 30 05:14:23 PDT 2018


Synopsis: FEDORA-2018-ab23a7ca88 can now be patched using Ksplice
CVEs: CVE-2018-10878

Systems running Fedora 28 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2018-ab23a7ca88.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Fedora 28
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* NULL pointer dereference when getting network statistics in Mellanox Technologies ConnectX-4 and Connect-IB driver.

A logic error when getting network statistics with Mellanox Technologies
ConnectX-4 and Connect-IB core driver could lead to a NULL pointer
dereference. A local attacker could use this flaw to cause a
denial-of-service.


* Use-after-free when receiving tpacket with virtio header over a TCP socket.

A logic error when receiving tpacket with virtio header over a TCP
socket could lead to a use-after-free. A local attacker could use this
flaw to cause a denial-of-service.


* Denial-of-service when using Inter-FE action based on IETF ForCES InterFE LFB.

A logic error when using Inter-FE action based on IETF ForCES InterFE
LFB could lead to a use-after-free and a deadlock. A local attacker
could use this flaw to cause a denial-of-service.


* NULL pointer dereference when setting backend in Host kernel accelerator for virtio net.

A missing check in error path when setting backend in Host kernel
accelerator for virtio net could lead to a NULL pointer dereference. A
local attacker could use this flaw to cause a denial-of-service.


* NULL pointer dereference when initializing Cadence network driver.

A missing variable initialization when initializing Cadence network
driver could lead to a NULL pointer dereference. A local attacker could
use this flaw to cause a denial-of-service.


* Improved fix for Spectre v1: Bounds-check bypass in Chelsio Communications T3 10Gb Ethernet driver.

A missing sanitization of array index after bounds check in Chelsio
Communications T3 10Gb Ethernet driver could lead to an information
leak. A local attacker could use this flaw to leak information about
the running system.
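
The pattern behind "sanitization of array index after bounds check", shown as an added userspace example (not the Chelsio driver patch and not Ksplice code): the index is clamped with a branch-free mask after the check, the same idea as the kernel's array_index_nospec() helper. The table, its size and all function names are hypothetical.

```c
#include <limits.h>
#include <stdio.h>

#define TABLE_SIZE 8UL                        /* hypothetical table size */
static const int table[TABLE_SIZE] = {10, 11, 12, 13, 14, 15, 16, 17};

/* All-ones if index < size, else zero, computed without a branch so the
 * result also holds while the CPU speculates past a bounds check.
 * Valid for size <= LONG_MAX. */
static unsigned long index_mask_nospec(unsigned long index, unsigned long size)
{
#if defined(__GNUC__)
    /* Hide the value from the optimizer so the mask is always emitted. */
    __asm__ volatile("" : "+r"(index));
#endif
    /* Top bit is set when index >= size, because size - 1 - index wraps. */
    unsigned long oob = (index | (size - 1UL - index))
                        >> (sizeof(long) * CHAR_BIT - 1);
    return oob - 1UL;        /* 0 - 1 = all-ones (in range), 1 - 1 = 0 */
}

/* Before: bounds check only. Architecturally correct, but a mispredicted
 * branch can still load table[idx] speculatively with idx out of range. */
static int lookup_checked_only(unsigned long idx, int *out)
{
    if (idx >= TABLE_SIZE)
        return -1;
    *out = table[idx];
    return 0;
}

/* After: the index is sanitized once the check has passed, so even a
 * speculative load can only touch table[0..TABLE_SIZE-1]. */
static int lookup_sanitized(unsigned long idx, int *out)
{
    if (idx >= TABLE_SIZE)
        return -1;
    idx &= index_mask_nospec(idx, TABLE_SIZE);
    *out = table[idx];
    return 0;
}

int main(void)
{
    int v = 0;
    printf("mask(7)=%lx mask(8)=%lx\n", index_mask_nospec(7, TABLE_SIZE),
           index_mask_nospec(8, TABLE_SIZE));
    printf("lookup(3) rc=%d value=%d\n", lookup_sanitized(3, &v), v);
    return 0;
}
```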


* Denial-of-service when connecting to an access point with Realtek rtlwifi family of devices.

A race condition when connecting to an access point and quickly entering
and leaving power states with Realtek rtlwifi family of devices could
lead to a kernel assert. A local attacker could use this flaw to cause a
denial-of-service.


* Use-after-free in ebtables evaluation loop.

A missing check in ebtables evaluation loop could lead to a
use-after-free. A local attacker could use this flaw to cause a
denial-of-service.


* Buffer overflow in warning messages of Reiser filesystem.

A missing bounds check when printing mount options in warning messages
of Reiser filesystem could lead to a buffer overflow. A local attacker
could use crafted mount options to cause a denial-of-service.


* Use-after-free when sending messages over Transport Layer Security socket.

A logic error when sending messages over Transport Layer Security socket
could lead to a use-after-free. A local attacker could use this flaw to
cause a denial-of-service.


* Out-of-bounds access when using Kernel automounter version 4.

A missing check on user input when using Kernel automounter version 4
could lead to an out-of-bounds access. A local attacker could use this
flaw to cause a denial-of-service.


* Memory leak when closing a bpf socket.

A logic error when closing a bpf socket could lead to a memory leak. A
local attacker could use this flaw to exhaust kernel memory and cause a
denial-of-service.


* Improved fix for CVE-2018-10878: Out-of-bounds access when initializing ext4 block bitmap.

A logic error in the previous fix for CVE-2018-10878 prevented mounting ext4
filesystems with metablock groups enabled.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.




