[El-errata] New Ksplice updates for UEKR3 3.8.13 on OL6 and OL7 (ELSA-2018-4300)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Sun Dec 9 23:36:59 PST 2018


Synopsis: ELSA-2018-4300 can now be patched using Ksplice
CVEs: CVE-2014-9728 CVE-2016-3713 CVE-2017-13168 CVE-2017-17805 CVE-2017-17806 CVE-2018-1000204 CVE-2018-10021 CVE-2018-10902 CVE-2018-18710 CVE-2018-7755

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2018-4300.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR3 3.8.13 on
OL6 and OL7 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
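
The following added example (not part of the original announcement and not Oracle's code) classifies a host by the autoinstall setting described above, so hosts that still need the manual uptrack-upgrade run can be identified. It assumes uptrack.conf uses INI-style "key = value" lines with '#' or ';' comments, that the last assignment wins, and that any value other than "yes" means autoinstall is off; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Oracle's code): classify a host by its Ksplice autoinstall setting.
# Assumption: uptrack.conf holds INI-style "key = value" lines with '#' or ';' comments.

# autoinstall_mode FILE -> prints "auto", "manual" or "unset"
autoinstall_mode() {
    conf=$1
    # A missing or unreadable file cannot enable autoinstall.
    [ -r "$conf" ] || { echo "unset"; return 0; }
    awk '
        /^[ \t]*[#;]/ { next }                 # commented-out settings do not count
        {
            eq = index($0, "=")
            if (eq == 0) next                  # section headers, blank lines
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", key)
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            # Assumption: when the key is repeated, the last assignment wins.
            if (tolower(key) == "autoinstall") last = tolower(val)
        }
        END {
            if (last == "yes")      print "auto"
            else if (last == "")    print "unset"
            else                    print "manual"   # anything but "yes" is treated as off
        }
    ' "$conf"
}

# report FILE -> one line saying whether manual action is needed
report() {
    case $(autoinstall_mode "$1") in
        auto) echo "$1: autoinstall enabled, updates apply without action" ;;
        *)    echo "$1: autoinstall not enabled, run /usr/sbin/uptrack-upgrade -y as root" ;;
    esac
}

# Constructed sample config: the enabled line is commented out, so the host is "manual".
sample=$(mktemp)
printf '[Settings]\n# autoinstall = yes\nautoinstall = no\n' > "$sample"
report "$sample"
rm -f "$sample"

# On a real host: report /etc/uptrack/uptrack.conf
```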


DESCRIPTION

* CVE-2017-17806: Denial-of-service in HMAC algorithms.

Invalid algorithm combinations could result in buffer overflows or other
undefined behaviour when using a keyed hash algorithm.  A local,
unprivileged user could use this flaw to crash the system, or
potentially, escalate privileges.

Orabug: 28976654


* CVE-2017-17805: Denial-of-service in SALSA20 block cipher.

Incorrect handling of zero length buffers could result in an invalid
pointer dereference and kernel crash.  A local, unprivileged user could
use this flaw to crash the system, or potentially, escalate privileges.

Orabug: 28976585


* CVE-2018-7755: Information leak through floppy disk driver ioctl.

A logic error when using floppy disk driver ioctl could lead to a kernel
address leak.  A local attacker could use this flaw to obtain the address
of the running kernel and facilitate an attack.


* CVE-2018-18710: Information leak when checking the CD-ROM slot status.

An incorrect bounds check in the CD-ROM driver could allow an out-of-bounds
access and kernel information leak to an unprivileged user.

Orabug: 28929777


* CVE-2016-3713: Privilege escalation in KVM MTRR emulation.

Incorrect validation of emulated MTRR MSRs can allow a guest VM to read
and write memory in the KVM host. This may allow a privileged guest to
gain code execution in the KVM host.

Orabug: 28901657


* CVE-2018-10902: Denial-of-service in ALSA rawmidi ioctl.

Race conditions in the SNDRV_RAWMIDI_IOCTL_PARAMS ioctl code could result
in memory corruption.  This could be exploited to cause a denial-of-service.

Orabug: 28898650


* CVE-2018-1000204: Kernel information leak when performing SG_IO ioctl.

A vulnerability in the SCSI subsystem allows copying uninitialized
kernel memory to userspace. This could provide an attacker with
sensitive kernel information.

Orabug: 28892683


* CVE-2017-13168: Denial-of-service in sg read/write implementation.

An unsafe implementation of read/write in the sg driver can result in
userspace being able to corrupt kernel memory. A local user with access
to an sg device could use this flaw to cause undefined behaviour or a
kernel crash, leading to a denial-of-service.

Orabug: 28824742


* CVE-2018-10021: Denial-of-service in SAS device abort and failover.

Incorrect error handling when aborting or failing over a SAS device
could result in resource starvation and IO hangs.  A physically present
malicious user could use this flaw to cause a denial of service.

Orabug: 28459689


* Divide by zero in Intel power state driver when scaling the frequency.

A logic error in the Intel power state driver could lead to a divide by
zero when timers are being delayed for too long.  A local, unprivileged
user could use this flaw to cause a denial-of-service.

Orabug: 28005134


* CVE-2014-9728: Out-of-bounds memory accesses in UDF filesystem driver.

A lack of input validation in the UDF filesystem driver could lead to an
out-of-bounds memory access and potentially to a kernel panic. An
attacker could use a specially crafted filesystem to cause a
denial-of-service.

Orabug: 21193696

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.
