[Ksplice][Ubuntu-18.04-Updates] New Ksplice updates for Ubuntu 18.04 Bionic (USN-3836-1)
Oracle Ksplice
ksplice-support_ww at oracle.com
Thu Dec 6 02:03:47 PST 2018
Synopsis: USN-3836-1 can now be patched using Ksplice
CVEs: CVE-2018-18955 CVE-2018-6559
Systems running Ubuntu 18.04 Bionic can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-3836-1.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running Ubuntu 18.04
Bionic install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
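To see which of the two cases above a given host falls into, the following added example (not Oracle's code and not part of the original announcement) reads the autoinstall setting from an uptrack.conf-style file and reports whether a manual upgrade run is needed. The function names, the sample file contents, the case-insensitive matching and the rule that only "yes" counts as enabled are assumptions of this example.

```shell
#!/bin/sh
# Added example, not Oracle's code: decide whether Ksplice Uptrack will
# install updates on its own or whether uptrack-upgrade must be run by hand.
# Assumption: matching is case-insensitive and only "yes" counts as enabled.

# autoinstall_enabled FILE
# Returns 0 if the last uncommented "autoinstall" setting is "yes",
# 1 if it is absent or has another value, 2 if FILE cannot be read.
autoinstall_enabled() {
    conf=$1
    [ -r "$conf" ] || return 2
    value=$(awk '
        /^[ \t]*[#;]/ { next }                 # commented-out settings do not count
        {
            eq = index($0, "=")
            if (eq == 0) next                  # section headers, blank lines
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", key)
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            if (tolower(key) == "autoinstall") last = tolower(val)
        }
        END { print last }
    ' "$conf")
    [ "$value" = "yes" ]
}

# uptrack_action FILE: print what the administrator has to do on this host.
uptrack_action() {
    rc=0
    autoinstall_enabled "$1" || rc=$?
    case $rc in
        0) echo "automatic: autoinstall is enabled, no action needed" ;;
        1) echo "manual: run /usr/sbin/uptrack-upgrade -y" ;;
        *) echo "unknown: cannot read $1" ;;
    esac
}

# Constructed sample: the enabled line is commented out, so the result is "manual".
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Settings]
# autoinstall = yes
autoinstall = no
EOF
uptrack_action "$sample"
rm -f "$sample"
# On a real host, check the path named in this announcement (or pass another file).
uptrack_action "${1:-/etc/uptrack/uptrack.conf}"
```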
DESCRIPTION
* NULL pointer dereference when getting network statistics in Mellanox Technologies ConnectX-4 and Connect-IB driver.
A logic error when getting network statistics with Mellanox Technologies
ConnectX-4 and Connect-IB core driver could lead to a NULL pointer
dereference. A local attacker could use this flaw to cause a
denial-of-service.
* Out-of-bounds access in Network Control Model communications driver.
A logic error when reserving space for a packet can result in an
out-of-bounds memory access, leading to memory corruption or a kernel crash.
* Out-of-bounds memory access in simple network scheduler action driver.
A logic error when copying a string in the simple action network
scheduler driver can result in an out-of-bounds memory write, leading to
undefined behavior or a kernel crash.
* Use-after-free in Transport Layer Security packet encryption.
A failure to handle a memory allocation failure during encryption of a
TLS packet can result in a use-after-free. A local user could use this
flaw to escalate privileges.
* Denial-of-service in BTRFS invalid ioctl flag handling.
A failure to correctly manipulate a reference count in an error case can
result in the inability to unmount a BTRFS filesystem. A local user with
access to a BTRFS filesystem could use this flaw to cause a
denial-of-service.
* NULL pointer dereference in ALSA PCM stream attach.
A failure to correctly handle a memory allocation failure can result in
partial initialization of a PCM stream, leading to a subsequent NULL
pointer dereference.
* Use-after-free in Network Block Device unmount.
A logic error when unmounting a Network Block Device can result in the
access of freed memory, leading to a use-after-free. A local user with
the ability to mount or unmount filesystems could use this flaw to
potentially escalate privileges.
* Soft lockup during block multiqueue free.
A logic error when freeing a queue in the block multiqueue
implementation can result in a soft lockup.
* Out-of-bounds memory access in iwlwifi firmware load.
A failure to validate a firmware image from userspace can result in an
out-of-bounds read or write of kernel memory.
* Denial-of-service when navigating SLAB page list.
The kernel may migrate certain threads to a different CPU from the one
where the thread originated. This could corrupt the per-CPU SLAB page list
during page allocation and lead to an inadvertent denial-of-service when
the thread tries to access the page.
* Memory leak in DRM fence submission.
A logic error when referencing fences in the DRM subsystem can result in
a memory leak. A local user with access to 3D acceleration could use
this flaw to exhaust system memory, leading to a denial-of-service.
* NULL pointer dereference in IP transform.
A failure to handle an error case in the IP transform subsystem can
result in a NULL pointer dereference leading to a kernel crash.
* Information disclosure via bind mount manipulation.
A logic error when checking mount permissions can result in a namespaced
process being able to view filesystem content outside of its namespace.
A local user could use this flaw to view restricted information.
* Undefined behavior in EXT4 inline data retrieval.
A failure to report an error when reading EXT4 inline data can result in
the EXT4 filesystem operating on uninitialised memory, leading to
undefined behavior.
* NULL pointer dereference during Elastic Network Adapter bringup.
A race condition during the initialization of the ENA network driver can
result in a kernel crash.
* CVE-2018-6559: Information disclosure via overlayfs in user namespace.
A failure to correctly handle user namespaces in overlayfs can result in
a user namespace being able to obtain names of restricted files and
directories.
* Kernel crash during Elastic Network Appliance removal.
A logic error when freeing an ENA instance can result in accessing an
invalid pointer, leading to a kernel crash.
* CVE-2018-18955: Privilege escalation in user namespace mappings.
A logic error in the user mappings between the host and a nested user
namespace can result in a process with the CAP_SYS_ADMIN capability in
the nested user namespace being able to bypass permissions restrictions
on resources outside of its namespace.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.