[Ksplice-Fedora-29-updates] New Ksplice updates for Fedora 29 (FEDORA-2019-a3eb438fa2)

[Oracle Ksplice]

Synopsis: FEDORA-2019-a3eb438fa2 can now be patched using Ksplice

Systems running Fedora 29 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2019-a3eb438fa2.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Fedora 29
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* Denial-of-service when adding a socket to an IGMP group.

A memory leak when adding a socket to an IGMP group could exhaust
kernel memory. A malicious local user could exploit this to cause
a denial-of-service.


* Denial-of-service in the netfilter subsystem when routing packet.

A null pointer dereference when routing a packet in the netfliter
subsystem leads to kernel crash. A malicious user could exploit this to
cause a denial-of-service.


* Denial-of-service in the ARP neighbour discovery subsystem.

A logic error while scheduling timer in the neighbour discovery subsystem
triggers a kernel fail-safe which could cause a kernel crash. A local
user capable of manipulating ARP cache can exploit this flaw to cause a
denial-of-service.


* Information leak when offloading TLS cryptography to hardware.

TLS encryption / decryption keys are not properly wiped from kernel
memory when the socket is destroyed. An unprivileged user could exploit
this flaw to break TLS and read privileged data.


* Denial-of-service when sending data over NFC.

An uninitialized read when sending fragmented packet over NFC could lead
to a kernel crash. A malicious user could exploit this flaw to cause a
denial-of-service.


* Denial-of-service when executing certain BPF programs.

An invalid pointer dereference in the TCP congestion control subsystem
when executing a BPF program of type SOCK_OPS could lead to a kernel
crash. A malicious BPF program could exploit this flaw to cause a
denial-of-service.


* Denial-of-service when receiving multicast packet over a bridge.

Stale pointer dereference when receiving multicast packet in the network
bridge subsystem could lead to out-of-bound read. This could allow a
member of a multicast group to cause invalid read and possibly a
denial-of-service.


* Denial-of-service when receiving frame over MACsec.

A use-after-free bug in MACsec frame reception path could lead to
invalid memory access. An attacker could exploit this to cause a
denial-of-service.


* Privilege escalation when setting flag in ext4 filesystem.

Failure to validate operation against attribute allows user to modify
the flags of an immutable file. A malicious user with read-only access
to a file could use this bug to modify the file.


* Denial-of-service in the network bridge subsystem.

A stale pointer reuse in the network bridge STP implementation could
lead to invalid memory access. This could cause a denial-of-service.


* Denial-of-service when releasing a VM on Intel-based systems.

Multiple bugs in the VM release path in the KVM VMX subsystem could lead
to kernel crash or hang when an L1 guest running nested (L2) guest gets
reset. A malicious user who has the privilege to control and L1 guest
and start L2 guest with VMX capability can exploit this to cause a
denial-of-service on host.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.