[El-errata] New Ksplice updates for UEKR4 4.1.12 on OL6 and OL7 (ELSA-2018-4299)

Wed Dec 12 15:34:39 PST 2018

Synopsis: ELSA-2018-4299 can now be patched using Ksplice
CVEs: CVE-2017-17805 CVE-2017-17806 CVE-2018-10902 CVE-2018-13094 CVE-2018-18690 CVE-2018-7755

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2018-4299.


We recommend that all users of Ksplice Uptrack running UEKR4 4.1.12 on
OL6 and OL7 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
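
To tell which hosts need the manual command above, the following added example (not Oracle's code) reads the autoinstall setting from uptrack.conf. The function names are hypothetical. It assumes that only the value "yes" enables autoinstall and that the last assignment in the file wins; anything else is reported as "no" so the host is flagged for a manual upgrade.

```shell
#!/bin/sh
# Added example: decide whether a host will install Ksplice updates on its
# own or needs "/usr/sbin/uptrack-upgrade -y" run by hand.

# uptrack_autoinstall [FILE]
# Prints "yes" or "no". Comment lines (# or ;) are skipped, key and value
# are compared case-insensitively, and the last assignment wins (assumption).
# A missing file or missing key is reported as "no".
uptrack_autoinstall() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    [ -r "$conf" ] || { echo no; return 0; }
    awk '
        /^[ \t]*[#;]/ { next }              # skip comment lines
        {
            line = $0
            sub(/\r$/, "", line)            # tolerate CRLF line endings
            eq = index(line, "=")
            if (eq == 0) next               # section headers, blank lines
            key = tolower(substr(line, 1, eq - 1))
            val = tolower(substr(line, eq + 1))
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "autoinstall") result = (val == "yes") ? "yes" : "no"
        }
        END { print (result == "" ? "no" : result) }
    ' "$conf"
}

# needs_manual_upgrade [FILE]
# Exit status 0 when autoinstall is not enabled in FILE.
needs_manual_upgrade() {
    [ "$(uptrack_autoinstall "$1")" != "yes" ]
}

# Report for the local host when the script is run directly.
if needs_manual_upgrade /etc/uptrack/uptrack.conf; then
    echo "autoinstall not enabled: run /usr/sbin/uptrack-upgrade -y"
else
    echo "autoinstall enabled: updates will be installed automatically"
fi
```
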


* CVE-2017-17806: Denial-of-service in HMAC algorithms.

Invalid algorithm combinations could result in buffer overflows or other
undefined behaviour when using a keyed hash algorithm.  A local,
unprivileged user could use this flaw to crash the system, or
potentially, escalate privileges.

Orabug: 28976653

* CVE-2017-17805: Denial-of-service in SALSA20 block cipher.

Incorrect handling of zero length buffers could result in an invalid
pointer dereference and kernel crash.  A local, unprivileged user could
use this flaw to crash the system, or potentially, escalate privileges.

Orabug: 28976583

* CVE-2018-7755: Information leak through floppy disk driver ioctl.

A logic error when using a floppy disk driver ioctl could lead to a kernel
address leak.  A local attacker could use this flaw to obtain the address of
the running kernel and facilitate an attack.

Orabug: 28956547

* CVE-2018-18690: XFS filesystem failure during extended attribute replacement.

Incorrect handling of extended attribute replacement on an XFS
filesystem could result in a filesystem shutdown.  A local, unprivileged
user could use this flaw to trigger a denial of service.

Orabug: 28924091

* CVE-2018-10902: Denial-of-service in ALSA rawmidi ioctl.

Race conditions in the SNDRV_RAWMIDI_IOCTL_PARAMS ioctl code could result
in memory corruption.  This could be exploited to cause a denial-of-service.

Orabug: 28898636

* CVE-2018-13094: NULL-pointer dereference when shrinking an XFS inode.

When attempting to shrink an XFS inode for a file with corrupted
extended attributes, the non-existent attribute buffer might be
dereferenced, resulting in a denial-of-service.

Orabug: 28898616

* Update Oracle Linux kernel signing key.

This update adds the Oracle Linux 7.6 signing key to the kernel trusted keyring.
It allows an Oracle Linux kernel signed with an old key to kexec into a kernel
signed with the new key.

* Memory corruption in TCP fragment reassembly.

A logic error when reassembling TCP fragments can result in corrupt data being
sent to userspace.

Orabug: 28960296


