[Ksplice][Ubuntu-17.04-Updates] New Ksplice updates for Ubuntu 17.04 Zesty (4.10.0-26.30)
Oracle Ksplice
ksplice-support_ww at oracle.com
Fri Jun 30 09:56:21 PDT 2017
Synopsis: 4.10.0-26.30 can now be patched using Ksplice
CVEs: CVE-2017-1000364 CVE-2017-1000363 CVE-2017-8890 CVE-2017-9074 CVE-2017-9075 CVE-2017-9076 CVE-2017-9077 CVE-2017-9242
Systems running Ubuntu 17.04 Zesty can now use Ksplice to patch
against the latest Ubuntu kernel update, 4.10.0-26.30.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running Ubuntu 17.04
Zesty install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
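The two steps above (check whether autoinstall is on, otherwise run uptrack-upgrade, then confirm the update landed) as an added example; this is not part of the Ksplice announcement or Oracle's tooling. Only /etc/uptrack/uptrack.conf, the "autoinstall = yes" setting and /usr/sbin/uptrack-upgrade -y come from the announcement. The "key = value" layout of uptrack.conf, the assumption that uptrack-show names the CVEs it covers, the sample listing and the helper names are mine.

```shell
#!/bin/sh
# Added example (not part of the Ksplice announcement). Two helpers:
#  - uptrack_autoinstall: does a given uptrack.conf enable autoinstall?
#  - missing_cves: which of the advisory's CVE IDs are absent from a
#    saved `uptrack-show` listing?
# Assumptions: uptrack.conf uses "key = value" lines with '#' comments, and
# `uptrack-show` names the CVEs it covers; only uptrack-upgrade -y and the
# conf path come from the announcement.

UPTRACK_CONF="${UPTRACK_CONF:-/etc/uptrack/uptrack.conf}"

# Print "yes" if autoinstall is enabled in the conf file $1, otherwise "no".
# Commented-out lines are ignored; the last assignment wins.
uptrack_autoinstall() {
    conf="$1"
    [ -r "$conf" ] || { echo no; return 0; }
    val=$(sed -n 's/^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*/\1/p' "$conf" | tail -n 1)
    case "$(printf '%s' "$val" | tr '[:upper:]' '[:lower:]')" in
        yes|true|1) echo yes ;;
        *)          echo no ;;
    esac
}

# $1 is the text of an uptrack-show listing, the rest are CVE IDs to look for.
# Prints the IDs that do not appear, space separated (empty when all are covered).
missing_cves() {
    listing="$1"; shift
    missing=""
    for cve in "$@"; do
        printf '%s\n' "$listing" | grep -q -- "$cve" || missing="$missing $cve"
    done
    printf '%s' "${missing# }"
}

# CVE list from the announcement (CVE-2017-1000363 written in full).
ADVISORY_CVES="CVE-2017-1000364 CVE-2017-1000363 CVE-2017-8890 CVE-2017-9074 CVE-2017-9075 CVE-2017-9076 CVE-2017-9077 CVE-2017-9242"

# Only touches the live system when run with --apply.
if [ "${1:-}" = "--apply" ]; then
    if [ "$(uptrack_autoinstall "$UPTRACK_CONF")" = yes ]; then
        echo "autoinstall = yes: Ksplice will apply the update on its own"
    else
        /usr/sbin/uptrack-upgrade -y
    fi
    left=$(missing_cves "$(uptrack-show 2>/dev/null)" $ADVISORY_CVES)
    if [ -z "$left" ]; then
        echo "all advisory CVEs appear in uptrack-show"
    else
        echo "not yet covered: $left"
    fi
fi
```

Run it with --apply on the host; without that flag it only defines the helpers, so it can be sourced from a larger audit script. The CVE check is a plain substring match on the uptrack-show text, so it reports coverage of the IDs, not the kernel version string.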
DESCRIPTION
* Denial-of-service in Plan 9 filesystem access control list manipulation.
Incorrect error handling when updating access control lists in the plan
9 filesystem can result in a memory leak. A local attacker could use
this flaw to exhaust kernel memory, resulting in a denial-of-service.
* Kernel crash in mwifiex 802.11 packet transmission.
A logic error in the processing of transmitted wifi packets in the
mwifiex driver can overrun a buffer, crashing the kernel.
* Denial-of-service in iwlwifi debugfs interface.
A failure to correctly validate input can result in a kernel crash when
writing to the iwlwifi debug interface. A privileged attacker could use
this flaw to crash the kernel, leading to a denial-of-service.
* Out-of-bounds access in Intel power management controller.
A logic error in the Intel power management controller driver can result
in an out-of-bounds memory access. This could result in undefined
behaviour or a kernel crash.
* Denial-of-service in qedi iSCSI connection initialization.
Incorrect error handling can result in a failure to free kernel memory.
A local attacker with the ability to create iSCSI connections could use
this flaw to cause a denial-of-service.
* Kernel crash in Broadcom flexible MAC wifi driver.
A logic error in the processing of wifi transmission packets can result
in the access of uninitialised memory resulting in a kernel crash.
* Denial-of-service in TCP transmission buffer management.
A logic error during management of TCP packet buffers can cause an
assertion failure in the kernel, leading to undefined behaviour or
potentially a kernel crash. A local attacker could use this flaw to
cause a denial-of-service.
* Denial-of-service in IPv6 duplicate address detection.
A race condition in the handling of duplicate address detection for IPv6
could result in kernel memory corruption. A user with the ability to
create network namespaces could use this flaw to crash the kernel,
leading to a denial-of-service.
* Denial-of-service in TCP accept handling.
A failure to correctly initialize a pointer when accepting TCP
connections could result in a double free. A local attacker could use
this flaw to cause undefined behaviour or a kernel crash, leading to a
denial-of-service.
* Denial-of-service in raw socket IP header processing.
A failure to validate IP packets submitted to raw sockets can result in
the access of invalid memory. This could result in a kernel crash,
leading to a denial-of-service.
* Kernel crash in Broadcom NetXtreme Receive Flow Steering.
A failure to allocate enough memory for Receive Flow Steering management
can result in a buffer overrun leading to undefined behaviour or a
kernel crash.
* Information disclosure via use of unprivileged eBPF programs.
A failure to enforce kptr_restrict for eBPF programs can result in the
leak of sensitive information to userspace. A local attacker could use
this flaw to facilitate a further attack.
* Denial-of-service due to corrupted F2FS filesystem.
A failure to validate the segment count when mounting an F2FS
filesystem can result in undefined behaviour when accessing the
filesystem. This could result in a kernel crash, leading to a
denial-of-service.
* Use-after-free in DRM/TTM fault handling.
A race condition in the DRM/TTM driver can result in a use-after-free
during vm fault handling. A local attacker could use this flaw to cause
a kernel crash.
* CVE-2017-8890, CVE-2017-9076, CVE-2017-9077: Denial-of-service in DCCPv6 sockets.
A use-after-free in the DCCPv6 sockets could allow a local, unprivileged
user to crash the kernel, causing a denial of service.
* CVE-2017-9074: Information leak via IPv6 fragment header.
The header size of an IPv6 fragment is not properly checked, potentially
allowing an attacker to read out-of-bounds memory when attempting to
parse it, leaking information.
* CVE-2017-9075: Denial-of-service when using SCTP protocol with IPv6.
A missing structure initialization could lead to a double free when
creating a new socket. A local unprivileged attacker could use this flaw
to cause a denial-of-service.
* CVE-2017-9242: Denial-of-service when using the send syscall on an IPv6 socket.
A missing check when sending messages over IPv6 sockets could lead to an
out-of-bounds access. A local user could use this flaw to cause a
denial-of-service.
* Race condition in USB device initialization causes denial-of-service.
Two USB device registrations calling init_usb_class concurrently can race
and corrupt kernel memory, potentially causing a crash and
denial-of-service.
* Auto-suspending disconnected USB devices causes denial-of-service.
In rare cases, the generic USB driver can attempt to auto-suspend a USB
device not actually connected to the system. This causes a NULL pointer
dereference and denial-of-service.
* Incorrect event handling in KVM causes SMM errors in the guest.
Incorrect logic when entering system management mode in a KVM guest
could cause the guest to misbehave, potentially causing the guest's SMM
code to report errors.
* Deadlock in Intel OPA Gen1 Infiniband driver causes denial-of-service.
Incorrectly holding a spinlock while yielding the CPU in the Intel OPA Gen1
Infiniband driver could deadlock the thread, causing a
denial-of-service.
* Denial-of-service when writing to small memory-mapped file on ext4.
In rare cases, writing to a very small memory-mapped file on the ext4
filesystem can execute invalid code, causing a denial-of-service.
* Information leak via unsanitized buffer in getxattr.
Failing to zero out a buffer returned by getxattr in low-memory
situations could cause kernel memory to be exposed to userspace.
* Null private_data in CIFS ioctls causes denial-of-service.
When enumerating CIFS snapshots or getting IOC information for a tree,
the private_data pointer is not properly checked, potentially causing a
kernel panic and denial-of-service.
* Deadlock when reporting DAX device information to sysfs.
Invalid ordering of calls when reporting DAX device information to sysfs
could cause a deadlock and denial-of-service.
* CVE-2017-1000363: Denial-of-service in printer driver setup.
Missing validation on the "lp" module parameter could result in an
out-of-bounds access and integer overflow. A local, privileged user
could use this flaw to crash the kernel or defeat secure boot
protections.
* Information leak in TI LP8788 charger driver.
Incorrect array initialization could result in reading beyond the end of
an array and leaking the contents of kernel memory to user-space.
* Denial-of-service in Ceph file system extended attributes.
Failure to free memory when the filesystem failed to set an extended
attribute could result in memory exhaustion. A local, unprivileged user
could use this flaw to cause a denial of service.
* Improved fix to CVE-2017-1000364 to allow stack expansion close to userspace guard.
Some userspace applications, such as the Java Virtual Machine, implement
a stack guard area themselves by placing a fixed mapping below the stack.
Combined with the original Debian fix for CVE-2017-1000364, that mapping
prevented stack expansion that should have been allowed.
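To see the situation described above on a real process, the following C program (an added example, not code from the announcement, Oracle or the kernel) reads a /proc/<pid>/maps listing, finds the main [stack] VMA and reports how many pages separate it from the nearest mapping beneath it, compared with the guard gap enforced since the CVE-2017-1000364 fix. A 4 KiB page size, the kernel's default of 256 guard pages (the stack_guard_gap= boot parameter changes it), the constructed maps listing and all function names are assumptions made for the example.

```c
/* Added example, not code from the Ksplice announcement or the kernel: from the
 * text of /proc/<pid>/maps, measure how far the main [stack] VMA is from the
 * nearest mapping beneath it and compare with the guard gap enforced since the
 * CVE-2017-1000364 fix. Assumed: 4 KiB pages, 256 guard pages (kernel default). */
#include <stdio.h>
#include <string.h>
#include <stdint.h>

#define PAGE_SIZE_ASSUMED     4096ULL
#define STACK_GUARD_GAP_PAGES 256LL

struct stack_gap {
    uint64_t stack_start;    /* low end of the [stack] VMA */
    uint64_t below_end;      /* high end of the closest mapping under it, 0 if none */
    char     below_perms[5]; /* its perms field, e.g. "---p" for a PROT_NONE guard */
};

/* Copy the next line of *cursor into buf (long lines truncated); 0 at end of text. */
static int next_line(const char **cursor, char *buf, size_t buflen)
{
    const char *p = *cursor, *nl = strchr(p, '\n');
    size_t len = nl ? (size_t)(nl - p) : strlen(p);
    if (*p == '\0') return 0;
    if (len >= buflen) len = buflen - 1;
    memcpy(buf, p, len);
    buf[len] = '\0';
    *cursor = nl ? nl + 1 : p + strlen(p);
    return 1;
}

/* Pass 1 finds the main [stack] VMA; pass 2 the mapping whose end is highest
 * while still at or below the stack start. Returns 0 if there is no [stack]. */
static int analyse_maps(const char *maps, struct stack_gap *g)
{
    char line[1024], perms[5];
    unsigned long long start, end;
    const char *cur;
    int found = 0;
    memset(g, 0, sizeof *g);
    for (cur = maps; next_line(&cur, line, sizeof line); )
        if (sscanf(line, "%llx-%llx %4s", &start, &end, perms) == 3 && strstr(line, "[stack]")) {
            g->stack_start = start;
            found = 1;
        }
    if (!found) return 0;
    for (cur = maps; next_line(&cur, line, sizeof line); )
        if (sscanf(line, "%llx-%llx %4s", &start, &end, perms) == 3 &&
            end <= g->stack_start && end > g->below_end) {
            g->below_end = end;
            memcpy(g->below_perms, perms, sizeof g->below_perms);
        }
    return 1;
}

/* Free pages between the stack and the mapping below it;
 * -1 if there is no [stack] VMA, -2 if nothing is mapped below it. */
long long stack_gap_pages(const char *maps)
{
    struct stack_gap g;
    if (!analyse_maps(maps, &g)) return -1;
    if (g.below_end == 0) return -2;
    return (long long)((g.stack_start - g.below_end) / PAGE_SIZE_ASSUMED);
}

/* Pages the stack may still grow by: the kernel refuses growth that would bring
 * the stack within STACK_GUARD_GAP_PAGES of the mapping below, so 0 means the
 * next growth fault is fatal. Negative values are errors from stack_gap_pages(). */
long long stack_growth_room_pages(const char *maps)
{
    long long gap = stack_gap_pages(maps);
    if (gap < 0) return gap;
    return gap > STACK_GUARD_GAP_PAGES ? gap - STACK_GUARD_GAP_PAGES : 0;
}

/* 1 when the mapping directly below the stack is PROT_NONE (perms "---"), the
 * kind of application-placed guard the JVM case describes. */
int below_stack_is_prot_none(const char *maps)
{
    struct stack_gap g;
    if (!analyse_maps(maps, &g) || g.below_end == 0) return 0;
    return strncmp(g.below_perms, "---", 3) == 0;
}

/* Constructed listing: a JVM-style PROT_NONE guard mapping 221 pages below the
 * stack, closer than the 256-page gap, so the stack can no longer grow. */
const char *const SAMPLE_MAPS_JVM_STYLE =
    "00400000-00452000 r-xp 00000000 08:01 1234 /usr/bin/java\n"
    "7ffffff00000-7ffffff01000 ---p 00000000 00:00 0\n"
    "7ffffffde000-7ffffffff000 rw-p 00000000 00:00 0 [stack]\n";

int main(void)
{
    static char live[1 << 16];
    FILE *f = fopen("/proc/self/maps", "r");
    size_t n = f ? fread(live, 1, sizeof live - 1, f) : 0;
    if (f) fclose(f);
    live[n] = '\0';
    printf("constructed: gap %lld pages, room %lld, PROT_NONE below: %d\n", stack_gap_pages(SAMPLE_MAPS_JVM_STYLE),
           stack_growth_room_pages(SAMPLE_MAPS_JVM_STYLE), below_stack_is_prot_none(SAMPLE_MAPS_JVM_STYLE));
    printf("this process: gap %lld pages, room %lld pages\n", stack_gap_pages(live), stack_growth_room_pages(live));
    return 0;
}
```

A growth room of 0 together with a PROT_NONE mapping directly below the stack is the configuration the improved fix is about: the application's own guard sits inside the kernel's gap, and with the original fix any further stack growth faulted. Only the main thread's stack carries the [stack] label; thread stacks are ordinary anonymous mappings and are not examined here.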
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.