[Ksplice][Ubuntu-19.10-Updates] New Ksplice updates for Ubuntu 19.10 Eoan (USN-4369-1)
Oracle Ksplice
ksplice-support_ww at oracle.com
Tue Jun 23 08:11:08 PDT 2020
Synopsis: USN-4369-1 can now be patched using Ksplice
CVEs: CVE-2019-19377 CVE-2019-19769 CVE-2020-11494 CVE-2020-11565 CVE-2020-11608 CVE-2020-11609 CVE-2020-11668 CVE-2020-12657 CVE-2020-12826 CVE-2020-8835
Systems running Ubuntu 19.10 Eoan can now use Ksplice to patch against
the latest Ubuntu Security Notice, USN-4369-1.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running Ubuntu 19.10
Eoan install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
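The rule above, applied to a given uptrack.conf, as an added example that is not part of the Ksplice announcement. The function names and the sample files are constructed for illustration, and treating only the literal value "yes" (in any case) as enabled is an assumption.

```shell
#!/bin/sh
# Added example; the sample files at the bottom are constructed.

# autoinstall_enabled FILE
# Succeeds only if the last uncommented "autoinstall" line in FILE is "yes".
# Assumption: only the literal value "yes" (any case) counts as enabled.
autoinstall_enabled() {
    [ -r "$1" ] || return 1
    value=$(sed -n \
        's/^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*\([^[:space:]#;]*\).*$/\1/p' \
        "$1" | tail -n 1 | tr '[:upper:]' '[:lower:]')
    [ "$value" = "yes" ]
}

# ksplice_action FILE
# Prints the step the announcement prescribes for a host with that config.
ksplice_action() {
    if [ ! -r "$1" ]; then
        echo "unknown: cannot read config"
    elif autoinstall_enabled "$1"; then
        echo "none: updates install automatically"
    else
        echo "run: /usr/sbin/uptrack-upgrade -y"
    fi
}

# Constructed sample configurations (stand-ins for /etc/uptrack/uptrack.conf).
SAMPLES=$(mktemp -d)
printf '[Settings]\nautoinstall = yes\n' > "$SAMPLES/auto.conf"
printf '[Settings]\n# autoinstall = yes\nautoinstall = no\n' > "$SAMPLES/manual.conf"
printf '[Settings]\nautoinstall=Yes   # set by config management\n' > "$SAMPLES/mixed.conf"

for f in "$SAMPLES"/*.conf; do
    printf '%s -> %s\n' "${f##*/}" "$(ksplice_action "$f")"
done
```

A commented-out "autoinstall = yes" does not count as enabled, so a host configured like manual.conf still needs the manual upgrade command.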
DESCRIPTION
* CVE-2020-12826: Privilege escalation in process signal handling.
A logic error in the way signals are passed from child to parent could
lead to a child sending any signal to a parent. A local attacker could
use this flaw to escalate privileges.
* Use-after-free when getting node list/status in High-availability Seamless Redundancy driver.
A locking error when getting node list/status in High-availability
Seamless Redundancy driver could lead to a use-after-free. A local
attacker could use this flaw to cause a denial-of-service.
* CVE-2020-11608: NULL pointer dereference when initializing USB GSPCA based webcams.
A missing check on exposed endpoint numbers from USB GSPCA based webcams
could lead to a NULL pointer dereference. A local attacker could use a
malicious USB device to cause a denial-of-service.
* Improved fix for CVE-2020-8835: Privilege escalation in BPF verifier code.
A logic error in the BPF verifier code could lead to incorrect bounds
calculation. A local attacker could use this flaw to leak information
about the running kernel or escalate privileges.
* CVE-2020-11609: NULL pointer dereference when initializing STV06XX USB Camera device.
A missing check on USB endpoints when initializing STV06XX USB Camera
device could lead to a NULL pointer dereference. A local attacker could
use this flaw and a malicious USB device to cause a denial-of-service.
* Invalid memory access when using IEEE 802.1AE MAC-level encryption.
A missing check when registering a new link in IEEE 802.1AE MAC-level
encryption driver could lead to an invalid memory access. A local
attacker could use this flaw to cause a denial-of-service.
* CVE-2020-11494: Information leak in serial line CAN device communication.
When communicating with a CAN device over serial, a buffer structure is
transmitted without proper sanitization, potentially exposing stack
memory over the network.
* NULL pointer dereference when using TCP_QUEUE_SEQ socket option.
A logic error when using the TCP_QUEUE_SEQ socket option could lead
to a NULL pointer dereference. A local attacker could use this flaw to
cause a denial-of-service.
* Invalid memory access when using Speakup screen reader.
A logic error when using Speakup screen reader could lead to an invalid
memory access. A local attacker could use this flaw to cause a denial-
of-service.
* Denial-of-service when creating queue pairs in Mellanox Connect-IB HCA driver.
A missing check on user capabilities when creating queue pairs in
Mellanox Connect-IB HCA driver could allow a malicious user to prevent
receiving more data over Mellanox Connect-IB HCA driver.
* Denial-of-service when adding High-availability Seamless Redundancy device.
A logic error when adding High-availability Seamless Redundancy device
could lead to an invalid memory access. A local attacker could use this
flaw to cause a denial-of-service.
* CVE-2020-11668: NULL pointer dereference when initializing Xirlink C-It USB camera device.
A missing check on USB endpoints when initializing Xirlink C-It USB
camera device could lead to a NULL pointer dereference. A local attacker
could use this flaw and a malicious USB device to cause a
denial-of-service.
* Out-of-bounds access on tcindex change in network packet classifier.
A logic error when changing tcindex in network packet classifier could
lead to an out-of-bounds access. A local attacker could use this flaw to
cause a denial-of-service.
* Deadlock when receiving data over Line 6 POD USB device.
A logic error when receiving data over Line 6 POD USB device could lead
to a deadlock. A local attacker could use this flaw and a malicious USB
device to cause a denial-of-service.
* Out-of-bounds access when using Transformation user configuration interface.
A missing check on user input when using Transformation user
configuration interface could lead to an out-of-bounds access. A local
attacker could use this flaw to cause a denial-of-service.
* Use-after-free when changing route in route4 classifier driver.
A logic error when changing route in route4 classifier driver could lead
to a use-after-free. A local attacker could use this flaw to cause a
denial-of-service.
* CVE-2019-19377: Use-after-free when unmounting a BTRFS image.
A logic error when unmounting a BTRFS image could lead to a use-after-
free. A local attacker could use this flaw and a crafted BTRFS image to
cause a denial-of-service.
* CVE-2019-19769: Use-after-free in POSIX file locking API.
A logic error in POSIX file locking API could lead to a use-after-free.
A local attacker could use this flaw to cause a denial-of-service.
* CVE-2020-11565: Out-of-bounds access when mounting tmpfs.
A missing check on mpol mount option when mounting tmpfs could lead to
an out-of-bounds access. A local attacker could use this flaw to cause a
denial-of-service.
* Data corruption in the HFS+ filesystem when deleting files.
A bug in extended attribute handling in the HFS+ filesystem causes
on-disk data corruption when deleting files. This could lead to
inadvertent data loss.
* Denial-of-service when processing a write request in NFS.
A bug in the NFS filesystem leads to a memory leak when processing write
requests. An attacker may exploit this to exhaust kernel memory and
cause a denial-of-service.
* Use-after-free when tearing down SCTP queue.
A reference counting bug in the SCTP protocol leads to a use-after-free
while tearing down the outgoing queue. An attacker could exploit this bug
to cause a denial-of-service.
* Denial-of-service when processing delayed work in btrfs.
Incorrect locking in the btrfs filesystem when running delayed items
could lead to a deadlock. An attacker could exploit this bug to cause
a denial-of-service.
* Denial-of-service when performing fsync in btrfs filesystem.
Failing to release a lock after an fsync leads to a deadlock in the
btrfs filesystem. An attacker could exploit this bug to cause a
denial-of-service.
* Denial-of-service during address resolution in the rdma driver.
Inadequate error handling in the rdma subsystem leads to a NULL pointer
dereference during address resolution. An attacker may exploit this bug
to cause a denial-of-service.
* Data-race when writing to an inode in ext4 filesystem.
A concurrency bug in the ext4 filesystem causes a data race when writing
to an inode. This could lead to data corruption and inadvertent
data loss.
* Denial-of-service when performing fallocate in ocfs2 filesystem.
Incorrect handling of the fallocate syscall in the ocfs2 filesystem
could trigger a kernel BUG. An attacker could exploit this to cause a
denial-of-service.
* Data corruption in the gfs2 filesystem.
A data race in the gfs2 filesystem due to inadequate exclusion could
lead to permanent data corruption after a transient error. This could lead
to inadvertent data loss.
* CVE-2020-12657: Use-after-free in BFQ I/O scheduler subsystem.
A race condition in the BFQ I/O scheduler subsystem when clearing queue
leads to a use-after-free bug. An attacker may exploit this bug to cause
a denial-of-service.
* Information leak when using tty TIOCGSERIAL ioctl with 32-bit userspace.
A missing zeroing of uninitialized data when using tty TIOCGSERIAL ioctl
with 32-bit userspace could lead to an information leak. A local
attacker could use this flaw to leak information about the running kernel
and facilitate an attack.
* Use-after-free when destroying Traffic-Control Index.
A locking error when destroying Traffic-Control Index could lead to a
use-after-free. A local attacker could use this flaw to cause a denial-
of-service.
* NULL pointer dereference when sending packets over InfiniBand userspace MAD driver.
A missing check on umad interface when sending packets over InfiniBand
userspace MAD driver could lead to a NULL pointer dereference. A local
attacker could use this flaw to cause a denial-of-service.
* Out-of-bounds access when specifying a large tag in dm integrity.
A logic error when a user specifies a tag with a very large size could
lead to an out-of-bounds access. A local attacker could use this flaw to
cause a denial-of-service.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.