[Ksplice-Fedora-28-updates] New Ksplice updates for Fedora 28 (FEDORA-2019-509c133845)

Oracle Ksplice ksplice-support_ww at oracle.com
Fri Feb 8 00:35:35 PST 2019


Synopsis: FEDORA-2019-509c133845 can now be patched using Ksplice
CVEs: CVE-2019-3459 CVE-2019-3460

Systems running Fedora 28 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2019-509c133845.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Fedora 28
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
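
To tell which hosts fall under the automatic case and which need the manual command, the following sketch reads the autoinstall setting. It is an added example, not part of this announcement; it assumes uptrack.conf uses INI-style "key = value" lines with whole-line "#" or ";" comments, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the announcement): classify a host as "automatic"
# or "manual" based on the autoinstall setting in uptrack.conf.
# Assumption: INI-style "key = value" lines, whole-line '#' or ';' comments.

# Print the effective (last assigned) autoinstall value, lowercased.
# Returns 1 if the file cannot be read.
uptrack_autoinstall_value() {
    conf=$1
    [ -r "$conf" ] || return 1
    awk -F= '
        /^[ \t]*[#;]/ { next }            # commented-out settings do not count
        {
            key = $1; val = $2
            gsub(/[ \t\r]/, "", key)      # tolerate spacing and CRLF endings
            gsub(/[ \t\r]/, "", val)
            if (tolower(key) == "autoinstall") last = tolower(val)
        }
        END { if (last != "") print last }
    ' "$conf"
}

# Print "automatic", "manual" or "unknown" for the given config file.
# Only an explicit "yes" counts as automatic, so anything ambiguous is
# flagged for a manual /usr/sbin/uptrack-upgrade -y run.
uptrack_update_mode() {
    value=$(uptrack_autoinstall_value "$1") || { echo "unknown"; return 2; }
    case $value in
        yes) echo "automatic" ;;
        *)   echo "manual" ;;
    esac
}

# Default to the path named in the announcement when run directly.
uptrack_update_mode "${1:-/etc/uptrack/uptrack.conf}" || true
```
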


DESCRIPTION

* Denial-of-service when using Infiniband RoCE devices.

A missing check when using Infiniband RoCE devices could lead to a NULL
pointer dereference. A local attacker could use this flaw to cause a
denial-of-service.


* NULL pointer dereference on resume of output in XFRM driver.

A wrong return code in resume of output in XFRM driver could lead to a
NULL pointer dereference. A local attacker could use this flaw to cause
a denial-of-service.


* NULL pointer dereference in XFRM driver input.

A logic error in XFRM driver input could lead to a NULL pointer
dereference. A local attacker could use this flaw to cause a
denial-of-service.


* Invalid memory access when adjusting TCP sequence number in connection tracking driver.

A logic error when adjusting TCP sequence number in connection tracking
driver could lead to an invalid memory access. A local attacker could
use this flaw to cause a denial-of-service.


* NULL pointer dereference in QLogic FCoE offload driver.

A missing check in QLogic FCoE offload driver error handling could lead
to a NULL pointer dereference. A local attacker could use this flaw to
cause a denial-of-service.


* Buffer overflow when receiving data in Cascoda CA8210 transceiver driver.

A variable declaration error when receiving data in Cascoda CA8210
transceiver driver could lead to a buffer overflow. A local attacker
could use this flaw to cause a denial-of-service.


* Double free in NAT netfiltering with XFRM enabled.

A refcount error in NAT netfiltering with XFRM enabled could lead to a
double free. A local attacker could use this flaw to cause a
denial-of-service.


* NULL pointer dereference in MediaTek MT76 Wireless driver.

A missing check when stopping tx queues in MediaTek MT76 Wireless driver
could lead to a NULL pointer dereference. A local attacker could use
this flaw to cause a denial-of-service.


* Use-after-free when unregistering mac80211 interface.

A logic error when unregistering mac80211 interface after a TX could
lead to a use-after-free. A local attacker could use this flaw to cause
a denial-of-service.


* Memory leak in cryptographic logic of nl80211 driver.

A missing free of resources in cryptographic logic of nl80211 driver
could lead to a memory leak. A local attacker could use this flaw to
exhaust kernel memory and cause a denial-of-service.


* Memory leak during cache lookup in SUNRPC driver.

A logic error during cache lookup in SUNRPC driver could lead to a
memory leak. A local attacker could use this flaw to exhaust kernel
memory and cause a denial-of-service.


* NULL pointer dereference in probe of Cirrus Logic CS46XX driver.

A missing check in probe of Cirrus Logic CS46XX driver could lead to a
NULL pointer dereference. A local attacker could use this flaw to cause
a denial-of-service.


* Out-of-bounds accesses in USB audio driver.

A missing check in the USB audio driver could lead to out-of-bounds
accesses. A local attacker could use this flaw to cause a
denial-of-service.


* Use-after-free in block device writeback throttling driver.

A missing disabling of a timer in block device writeback throttling
driver could lead to a use-after-free. A local attacker could use this
flaw to cause a denial-of-service.


* Memory leaks in Distributed Lock Manager.

Missing free of resources in Distributed Lock Manager could lead to
multiple memory leaks. A local attacker could use this flaw to exhaust
kernel memory and cause a denial-of-service.


* Double free when creating inodes in GFS2 file system.

A logic error when creating inodes in GFS2 file system could lead to a
double free. A local attacker could use this flaw to cause a
denial-of-service.


* Denial-of-service when mounting a 9p remote filesystem.

A missing check of parameters when mounting a 9p remote filesystem could
lead to a kernel panic. A local attacker could use this flaw to cause a
denial-of-service.


* Use-after-free in InfiniBand SCSI RDMA Protocol target driver.

A logic error when releasing a channel in InfiniBand SCSI RDMA Protocol
target driver could lead to a use-after-free. A local attacker could use
this flaw to cause a denial-of-service.


* CVE-2019-3459: Information leak in Bluetooth logical link control and adaptation protocol (L2CAP).

A missing check when receiving a packet in Bluetooth logical link
control and adaptation protocol (L2CAP) could lead to an information
leak. A local user in the Bluetooth transmission range could use this
flaw to leak information about the running kernel and facilitate an attack.


* CVE-2019-3460: Information leak in Bluetooth logical link control and adaptation protocol (L2CAP).

A missing check when receiving a packet in Bluetooth logical link
control and adaptation protocol (L2CAP) could lead to an information
leak. A local user in the Bluetooth transmission range could use this
flaw to leak information about the running kernel and facilitate an attack.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.




