From ksplice-support_ww at oracle.com Mon Jul 2 11:07:12 2018 From: ksplice-support_ww at oracle.com (Oracle Ksplice) Date: Mon, 2 Jul 2018 18:07:12 GMT Subject: [Ksplice][Ubuntu-17.10-Updates] New Ksplice updates for Ubuntu 17.10 Artful (4.13.0-46.51) Message-ID: <201807021807.w62I7Ct0028722@userv0021.oracle.com> Synopsis: 4.13.0-46.51 can now be patched using Ksplice CVEs: CVE-2018-1130 CVE-2018-11508 CVE-2018-5750 CVE-2018-5803 CVE-2018-6927 CVE-2018-7755 CVE-2018-7757 Systems running Ubuntu 17.10 Artful can now use Ksplice to patch against the latest Ubuntu kernel update, 4.13.0-46.51. INSTALLING THE UPDATES We recommend that all users of Ksplice Uptrack running Ubuntu 17.10 Artful install these updates. On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf, these updates will be installed automatically and you do not need to take any action. Alternatively, you can install these updates by running: # /usr/sbin/uptrack-upgrade -y DESCRIPTION * CVE-2018-5750: Information leak when registering ACPI Smart Battery System driver. A too verbose printk when registering ACPI Smart Battery System driver leaks kernel addresses. A local attacker could use this flaw to leak information about running kernel and facilitate an attack. * CVE-2018-5803: Denial-of-service when receiving forged packet over SCTP socket. A missing check when receiving a forged packet with custom properties over SCTP socket could lead to a kernel assert. A remote attacker could use this flaw to cause a denial-of-service. * CVE-2018-6927: Integer overflow when re queuing a futex. A missing check when calling futex system call with "requeue" option could lead to an integer overflow. A local attacker could use this flaw to cause a denial-of-service. * CVE-2018-7757: Memory leak when reading invalid_dword_count attribute of SAS Domain Transport driver. A missing free when reading invalid_dword_count attribute of SAS Domain Transport driver could lead to a memory leak. A local attacker could use this flaw to exhaust kernel memory and cause a denial-of-service. * CVE-2018-1130: Denial-of-service in DCCP message send. A logic error in the dccp code could lead to a NULL pointer dereference when transmitting messages, leading to a kernel panic. An attacker could use this to cause a denial-of-service. * CVE-2018-11508: Information disclosure in 32-bit timex syscall. A failure to correctly initialize memory can result in a leak of sensitive Kernel memory to userspace. A local user could use this flaw to facilitate a further attack. * CVE-2018-7755: Information leak through floppy disk driver ioctl. A logic error when using floppy disk driver ioctl could lead to a kernel address leak. A local attacker could use this flaw to get address of running kernel and facilitate an attack. * Denial-of-service while reading files using filesystem caching. A race condition when reading files using filesystem caching could lead to a kernel assert. A local attacker could use this flaw to cause a denial-of-service. * Denial-of-service when registering a new binary type. A logic error when registering a new binary type with a too big offset could lead to an overflow. A local attacker could use this flaw to cause a denial-of-service. SUPPORT Ksplice support is available at ksplice-support_ww at oracle.com.