[El-errata] New Ksplice updates for UEKR4 4.1.12 on OL6 and OL7 (ELSA-2019-4729)

[Errata Announcements for Oracle Linux]

Synopsis: ELSA-2019-4729 can now be patched using Ksplice
CVEs: CVE-2018-20169 CVE-2019-11833 CVE-2019-12378 CVE-2019-12381

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2019-4729.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2019-4729.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR4 4.1.12 on
OL6 and OL7 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2019-11833: Information leak in ext4 extent tree block.

A missing zeroing of uninitialized memory in ext4 extent tree block
could lead to an information leak. A local attacker could use this flaw
to leak information about running kernel and facilitate an attack.

Orabug: 29925523


* NULL pointer dereference in RDS connect completion.

Missing NULL pointer checks could result in a kernel crash when
completing an Infiniband RDS connection completion.

Orabug: 29924849


* Memory leak in the RDS Infiniband receive path when fragment size changes.

A missing release of ressources in the RDS Infiniband receive path when the
fragment size is updated leads to a memory leak.

Orabug: 30034815


* CVE-2019-12381, CVE-2019-12378: NULL pointer dereferences in the IP to socket glue.

Failures to check that a kmalloc succeeded when allocating a new router
alert in the IPv4 and IPv6 to socket glue code could lead to a NULL pointer
dereference.  A remote user on the same network could use this flaw to
cause a denial-of-service.

Orabug: 29926005, 29926057


* Denial-of-service in the Hyper-V Virtual SCSI driver on invalid Logic Unit Number.

A failure to properly mark an SCSI I/O as being invalid in the Hyper-V
Virtual SCSI driver could lead to a deadlock or infinite loop in the
kernel.

Orabug: 30052805


* CVE-2018-20169: Missing bound check when reading extra USB descriptors.

A failure to properly check the minimum and maximum size of an extra USB
descriptor in the USB sub-system could lead to reading or writing past
memory bounds.  An attacker with the ability to send specially crafted
extra descriptors from a USB device could use this flaw to escalate
privileges or cause a denial-of-service.

Orabug: 29755247


* Denial-of-service when KVM guest writes into the Spec MSR when not supported.

A logic error when rescanning the features after a late microcode upgrade
could lead to KVM allowing guests to write to the Spec MSR when it is not
supported on the host CPU.  This could lead to a guest crash or host crash
if the MSR writing is emulated.

Orabug: 29941248

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.