[Ksplice][Ubuntu-17.10-Updates] New Ksplice updates for Ubuntu 17.10 Artful (USN-3630-1)

[Oracle Ksplice]

Synopsis: USN-3630-1 can now be patched using Ksplice
CVEs: CVE-2017-5715 CVE-2018-8043

Systems running Ubuntu 17.10 Artful can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-3630-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Ubuntu 17.10
Artful install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2018-8043: NULL pointer dereference when registering Broadcom UniMAC MDIO bus controller.

A missing check when registering Broadcom UniMAC MDIO bus controller
could lead to a NULL pointer dereference. A local attacker could use
this flaw to cause a denial-of-service.


* Improved fix for CVE-2017-5715: Denial-of-service when ptracing a process while AppArmor is running.

A logic error when ptracing a process from another process while
AppArmor is enabled could lead to a deadlock. A local
attacker could use this flaw to cause a denial-of-service.


* Improved fix for Spectre v2: Speculative execution when making indirect calls during emulation.

A missing use of indirect calls protection macro during emulation could
lead to speculative execution. A local attacker could use this flaw to
leak information about running system.


* Wrong TLB state after a CPU hotplug or a platform resume.

A missing initialization of TLB state after a CPU hotplug or a platform
resume could lead to TLB state corruption.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.