[Ksplice-Fedora-29-updates] New Ksplice updates for Fedora 29 (FEDORA-2019-3dbfaeac73)
Oracle Ksplice
ksplice-support_ww at oracle.com
Thu Aug 15 07:23:42 PDT 2019
Synopsis: FEDORA-2019-3dbfaeac73 can now be patched using Ksplice
CVEs: CVE-2019-13631 CVE-2019-14283 CVE-2019-14284
Systems running Fedora 29 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2019-3dbfaeac73.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running Fedora 29
install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
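As an added example (not part of the advisory and not Oracle's tooling), the following POSIX shell helper reads the "autoinstall" setting from an uptrack.conf-style file so an operator can tell whether this update will apply itself or must be triggered with /usr/sbin/uptrack-upgrade -y. The config path is a parameter, and the treatment of comments, whitespace, case and repeated keys (last occurrence wins) is an assumption about the file format, not documented Ksplice behaviour.

```shell
# Added example, not from the Ksplice advisory or Oracle's own scripts.
# Reports whether "autoinstall = yes" is set in an uptrack.conf-style file.
# Returns 0 if autoinstall is enabled, 1 if not, 2 if the file is unreadable.
ksplice_autoinstall_enabled() {
    conf="${1:-/etc/uptrack/uptrack.conf}"   # default path from the advisory
    [ -r "$conf" ] || return 2
    # Assumed parsing rules: '#' starts a comment, keys are case-insensitive,
    # whitespace around '=' is ignored, and the last matching line wins.
    val=$(sed -e 's/#.*$//' "$conf" \
        | grep -i '^[[:space:]]*autoinstall[[:space:]]*=' \
        | tail -n 1 \
        | sed -e 's/^[^=]*=[[:space:]]*//' -e 's/[[:space:]]*$//' \
        | tr 'A-Z' 'a-z')
    [ "$val" = "yes" ]
}

# Prints the action an operator should expect: "automatic" when Uptrack
# will install the update itself, "manual" when uptrack-upgrade -y is needed,
# "unknown" when the config file cannot be read.
ksplice_update_action() {
    if ksplice_autoinstall_enabled "$1"; then
        echo automatic
    elif [ $? -eq 2 ]; then
        echo unknown
    else
        echo manual
    fi
}

# Usage on a live system (uncomment to run):
# [ "$(ksplice_update_action /etc/uptrack/uptrack.conf)" = manual ] && /usr/sbin/uptrack-upgrade -y
```

The helper deliberately returns a distinct status for an unreadable file so that "no autoinstall" and "could not check" are not confused by a wrapper script.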
DESCRIPTION
* NULL pointer dereference when using IPsec XFRM cryptography-offload acceleration with non-IPsec hardware.
A missing check when using IPsec XFRM cryptography-offload acceleration
with non-IPsec hardware could lead to a NULL pointer dereference. A
local attacker could use this flaw to cause a denial-of-service.
* Permissions bypass in device firmware loading.
A logic error when filtering firmware load requests through an LSM or
IMA policy could incorrectly allow loading of firmware. A local
privileged user could use this flaw to load malicious firmware into a
device.
* CVE-2019-14284: Denial-of-service in floppy disk formatting.
A division by zero in the setup_format_params function for the floppy
disk driver could result in a kernel crash. A local user with access to
the floppy disk device could use this flaw to crash the system.
* CVE-2019-14283: Denial-of-service in floppy disk geometry setting during insertion.
Missing input validation in the floppy disk geometry setting calls could
allow a malicious local user with access to the floppy device to cause
an out-of-bounds access either crashing the system or leaking the
contents of kernel memory.
* XSA-300: Denial-of-service in Xen memory ballooning.
A logic error in the Xen memory balloon device driver could result in
exhaustion of resources or crashes of the backend device drivers
resulting in IO stalls or guest failures. A local privileged user could
use this flaw to cause a denial of service.
* CVE-2019-13631: Denial-of-service in GTCO CalComp/InterWrite tablet.
Missing range checks could allow an out-of-bounds stack memory write
when parsing USB descriptors. A physically present user could use a
malicious device to trigger an out-of-bounds access leading to a kernel
crash.
* Denial-of-service in DesignWare 8250 serial port PCI mapping.
Incorrect resource mapping could result in failure to map an IO region
leading to a NULL pointer dereference and kernel crash after removing
and reattaching an 8250 serial port.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.