[Ksplice][Ubuntu-18.04-Updates] New Ksplice updates for Ubuntu 18.04 Bionic (USN-3847-1)

Thu Dec 20 20:03:53 PST 2018

Synopsis: USN-3847-1 can now be patched using Ksplice
CVEs: CVE-2018-10902 CVE-2018-12896 CVE-2018-14734 CVE-2018-16276 CVE-2018-18445 CVE-2018-18690 CVE-2018-18710

Systems running Ubuntu 18.04 Bionic can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-3847-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Ubuntu 18.04
Bionic install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

DESCRIPTION

* CVE-2018-18445: Out-of-bounds access in BPF verifier.

An incorrect truncation when using 32-bit ALU operations in the BPF verifier
can result in an out-of-bounds memory access, leading to a kernel crash. A
local user with the ability to create BPF programs could use this flaw to cause
a denial-of-service.

* CVE-2018-14734: Use-after-free in Infiniband leave_multicast function.

A race condition in the infiniband code could allow the leave_multicast
function to use a structure that was allocated but subsequently freed in
the process_join function, leading to memory corruption and possible system
crash.

* CVE-2018-18690: Denial-of-service on XFS filesystem with attribute setting.

A failure to properly handle an error condition in the xfs code could
allow a local attacker with permissions to set attributes on an xfs
filesystem to make the filesystem non-operational without a remount
by exploiting an error condition with the ATTR_REPLACE operation.

* CVE-2018-18710: Information leak in CD-ROM status reporting.

A bounds check failure in the CD-ROM slot status reporting can lead to an
information leak. A local user with access to a CD-ROM device could use this
flaw to leak information about the running system.

* CVE-2018-10902: Denial-of-service in ALSA rawmidi ioctl.

Race conditions in the SNDRV_RAWMIDI_IOCTL_PARAMS ioctl code could result
in memory corruption.  This could be exploited to cause a denial-of-service.

* CVE-2018-16276: Privilege escalation in USB Yurex read handler.

A logic error in the USB Yurex read handler code could allow the driver
to access userspace memory outside the bounds of the userspace buffer,
potentially leading to memory corruption or privilege escalation inside
userspace.

* CVE-2018-12896: Denial-of-service via POSIX timer overflow.

The POSIX timer overrun value can potentially overflow an integer value
if the timer has a sufficiently long interval and expiry time. A
malicious user to create such a timer to cause a denial-of-service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.