[El-errata] New Ksplice updates for UEKR4 4.1.12 on OL6 and OL7 (4.1.12-124.18.9)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Fri Sep 7 01:08:21 PDT 2018


Synopsis: 4.1.12-124.18.9 can now be patched using Ksplice
CVEs: CVE-2018-10021 CVE-2018-10938 CVE-2018-13405

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle kernel update, 4.1.12-124.18.9.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR4 4.1.12 on
OL6 and OL7 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

Note: Oracle will not be providing a zero downtime update for
CVE-2018-15594, a Spectre v2 leak in paravirt kernels.  This impacts Xen
and KVM VM guest kernels where retpoline is used as the Spectre v2
mitigation.  Enabling IBRS for Spectre v2 mitigation or upgrading to a
newer kernel mitigates CVE-2018-15594.


DESCRIPTION

* CVE-2018-10021: Denial-of-service in SAS device abort and failover.

Incorrect error handling when aborting or failing over a SAS device
could result in resource starvation and IO hangs.  A physically present
malicious user could use this flaw to cause a denial of service.

Orabug: 28459685


* CVE-2018-13405: Permissions bypass when creating file in SGID directory.

Creating an executable file in an SGID directory can result in the file
having the group ownership of the directory. This can be exploited to
elevate privileges if the file is created in a directory owned by a
privileged group.

Orabug: 28459477


* Denial-of-service in ext4 xattr manipulation.

A logic error when expanding the size of an extended attribute can
cause a kernel deadlock or an assertion failure that triggers a kernel panic.

Orabug: 25718971


* CVE-2018-10938: Remote denial-of-service in IPv4 options handling.

A flaw in IPv4 CIPSO option handling could cause an infinite loop,
allowing a remote attacker to trigger a denial of service with crafted
packets in some configurations.

Orabug: 28563992


* Memory corruption in BTRFS fsync error handling.

Incorrect error handling during fsync could result in invalid stack
memory dereferences and memory corruption under specific conditions.

Orabug: 28119834


* NULL pointer dereference in LSI SYM53C8XX SCSI driver.

Missing pointer checks in debug statements could result in a NULL
pointer dereference and kernel crash under specific conditions.

Orabug: 28481893


* Kernel hang in software RAID1 resync.

Incorrect handling of resynchronization could result in a RAID1 multiple
device volume failing to progress and causing a soft hang.

Orabug: 28529228


* Incorrect Spectre v2 mitigation reporting with noibrs boot option.

Booting the kernel with "noibrs" on the kernel command line could
incorrectly report the system as being vulnerable to Spectre v2 despite
having the retpoline mitigation enabled.

Orabug: 28540376
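
For the CVE-2018-13405 entry above, the following added example (not part of
the original announcement and not Oracle code) inventories SGID directories
and reports who is able to create files in each one, so that directories
owned by a privileged group can be reviewed. It assumes GNU find and stat;
the function names and labels are this example's own.

```shell
#!/bin/sh
# Added example (not Oracle's code): inventory SGID directories, the
# precondition for CVE-2018-13405. Assumes GNU find and stat.

# classify_sgid_dir MODE
# Print who can create files in a directory with this octal mode, or
# "not-sgid" when the setgid bit is absent. The labels are this example's own.
classify_sgid_dir() {
    mode=$((0$1))                       # leading 0 makes the shell read octal
    if [ $((mode & 02000)) -eq 0 ]; then
        echo "not-sgid"
    elif [ $((mode & 00002)) -ne 0 ]; then
        echo "world-writable"           # any local user can create files here
    elif [ $((mode & 00020)) -ne 0 ]; then
        echo "group-writable"           # only members of the owning group
    else
        echo "owner-only"
    fi
}

# audit_sgid_dirs ROOT
# One tab-separated line per SGID directory under ROOT (same filesystem only):
# label, octal mode, owning group, path. Paths containing newlines are not
# handled.
audit_sgid_dirs() {
    find "$1" -xdev -type d -perm -2000 -exec stat -c '%a %G %n' {} + 2>/dev/null |
    while read -r mode group path; do
        printf '%s\t%s\t%s\t%s\n' \
            "$(classify_sgid_dir "$mode")" "$mode" "$group" "$path"
    done
}

# Run the audit only when a root directory is given, e.g.: sh sgid-audit.sh /
if [ -n "${1:-}" ]; then
    audit_sgid_dirs "$1"
fi
```

Lines labelled world-writable whose owning group is a privileged one are the
first to review on kernels that have not yet received this update.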



SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.




