[Ksplice-Fedora-29-updates] New Ksplice updates for Fedora 29 (FEDORA-2019-8219efa9f6)
Oracle Ksplice
ksplice-support_ww at oracle.com
Thu May 23 13:31:13 PDT 2019
Synopsis: FEDORA-2019-8219efa9f6 can now be patched using Ksplice
CVEs: CVE-2019-3900 CVE-2019-9503
Systems running Fedora 29 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2019-8219efa9f6.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running Fedora 29
install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
DESCRIPTION
* Improved fix for Spectre v1: Information leak in ATM LAN emulation driver.
A failure to sanitize a user controlled array index in the Asynchronous
Transfer Mode LAN emulation driver can lead to kernel memory being
leaked to userspace. A local attacker could exploit this flaw to leak
information about the running system.
* Use-after-free in the Foo-over-UDP driver's packet receive path.
In certain cases, it's possible for the FOU driver to attempt to access
packet header data which may have already been freed. This can cause
a system to exhibit unexpected behavior, and could lead to a
denial-of-service.
* Memory leak during TLS context structure teardown.
A logic error in the code path that handles the freeing of certain
structures used for TLS transactions can result in a memory leak. This
flaw could potentially be exploited to waste system resources and
degrade performance.
* Denial-of-service in Stream Parser receive path.
A flaw exists in the Stream Parser's receive path that can lead to a
stack overflow, and a potential kernel panic. A remote attacker could
potentially exploit this flaw to cause a denial-of-service.
* Memory access violations during TLS transaction handling in Mellanox driver.
Several logic and locking errors in the Mellanox driver's handling of
TLS transactions can lead to use-after-free scenarios, or a potential
out-of-bounds memory access. These flaws could cause a system to
behave unexpectedly, and could result in a denial-of-service.
* NULL dereference during IPv6 PMTU update.
A failure to check if a pointer is set before attempting to access it
can lead to a NULL pointer dereference in the IPv6 PMTU update path.
This could potentially cause a denial-of-service.
* Out-of-bounds access during CIFS mount.
A subtle error in handling certain combinations of mount options can
cause a out-of-bounds access in the CIFS mount path. This could cause
a system to exhibit unexpected behavior, and may lead to a
denial-of-service.
* Memory leak in CIFS symlink query path.
A failure to close a file handle under certain conditions can lead to
a memory leak in the CIFS code path that deals with symlinks. This
flaw could potentially be exploited by a malicious local user to waste
system resources and degrade performance.
* Guest VM leaks bits into host control register, causing host to panic.
In the event that a guest VM schedules out during a machine check error,
the host's XCR0 register may get populated with incorrect values. This
will cause a general protection fault on the host, leading to a
denial-of-service.
* Potential deadlock in in MT76 driver's transmit path.
A lock ordering issue in the MT76 driver core can lead to a deadlock
in certain cases. This could be used to cause a denial-of-service.
* CVE-2019-3900: Infinite loop in vhost_net driver under heavy load.
It is possible, under certain conditions, for the vhost_net driver to
get caught in a near-infinite loop while trying to process incoming
packets. This flaw could be exploited by a malicious local or remote
attacker in order to cause a deny access to network services that rely
on the vhost_net driver.
* CVE-2019-9503: Denial-of-service when receiving firmware event frames over a Broadcom WLAN USB dongle.
A failure to validate firmware event frames received over a Broadcom
WLAN USB dongle could let a remote attacker cause a denial-of-service.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.
More information about the Ksplice-Fedora-29-Updates
mailing list