[El-errata] New Ksplice updates for UEKR3 3.8.13 on OL6 and OL7 (ELSA-2018-4300)
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Sun Dec 9 23:36:59 PST 2018
Synopsis: ELSA-2018-4300 can now be patched using Ksplice
CVEs: CVE-2014-9728 CVE-2016-3713 CVE-2017-13168 CVE-2017-17805 CVE-2017-17806 CVE-2018-1000204 CVE-2018-10021 CVE-2018-10902 CVE-2018-18710 CVE-2018-7755
Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2018-4300.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running UEKR3 3.8.13 on
OL6 and OL7 install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
DESCRIPTION
* CVE-2017-17806: Denial-of-service in HMAC algorithms.
Invalid algorithm combinations could result in buffer overflows or other
undefined behaviour when using a keyed hash algorithm. A local,
unprivileged user could use this flaw to crash the system, or
potentially, escalate privileges.
Orabug: 28976654
* CVE-2017-17805: Denial-of-service in SALSA20 block cipher.
Incorrect handling of zero length buffers could result in an invalid
pointer dereference and kernel crash. A local, unprivileged user could
use this flaw to crash the system, or potentially, escalate privileges.
Orabug: 28976585
* CVE-2018-7755: Information leak through floppy disk driver ioctl.
A logic error when using floppy disk driver ioctl could lead to a kernel
address leak. A local attacker could use this flaw to get address of
running kernel and facilitate an attack.
* CVE-2018-18710: Information leak when checking the CD-ROM slot status.
An incorrect bounds check in the CD-ROM driver could allow an out-of-bounds
access and kernel information leak to an unprivileged user.
Orabug: 28929777
* CVE-2016-3713: Privilege escalation in KVM MTRR emulation.
Incorrect validation of emulated MTRR MSRs can allow a guest VM to read
and write memory in the KVM host. This may allow a privileged guest to
gain code execution in the KVM host.
Orabug: 28901657
* CVE-2018-10902: Denial-of-service in ALSA rawmidi ioctl.
Race conditions in the SNDRV_RAWMIDI_IOCTL_PARAMS ioctl code could result
in memory corruption. This could be exploited to cause a denial-of-service.
Orabug: 28898650
* CVE-2018-1000204: Kernel information leak when performing SG_IO ioctl.
A vulnerability in the SCSI subsystem allows copying uninitialized
kernel memory to userspace. This could provide an attacker with
sensitive kernel information.
Orabug: 28892683
* CVE-2017-13168: Denial-of-service in sg read/write implementation.
An unsafe implementation of read/write in the sg driver can result in
userspace being able to corrupt Kernel memory. A local user with access
to an sg device could use this flaw to cause undefined behaviour or a
Kernel crash, leading to a denial-of-service.
Orabug: 28824742
* CVE-2018-10021: Denial-of-service in SAS device abort and failover.
Incorrect error handling when aborting or failing over a SAS device
could result in resource starvation and IO hangs. A physically present
malicious user could use this flaw to cause a denial of service.
Orabug: 28459689
* Divide by zero in Intel power state driver when scaling the frequency.
A logic error in the Intel power state driver could lead to a divide by
zero when timers are being delayed for too long. A local, un-privileged
user could use this flaw to cause a denial-of-service.
Orabug: 28005134
* CVE-2014-9728: Out-of-bounds memory accesses in UDF filesystem driver.
A lack of input validation in the UDF filesystem driver could lead to an
out-of-bound memory access and potentially to a kernel panic. An
attacker could use a specially crafted filesystem to cause a
denial-of-service.
Orabug: 21193696
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.
More information about the El-errata
mailing list