[El-errata] New Ksplice updates for UEKR4 4.1.12 on OL6 and OL7 (ELSA-2019-4315)

[Errata Announcements for Oracle Linux]

Synopsis: ELSA-2019-4315 can now be patched using Ksplice
CVEs: CVE-2017-9725 CVE-2018-1092 CVE-2018-18221 CVE-2018-18255 CVE-2018-7995 CVE-2018-9363 CVE-2018-9516

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2019-4315.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR4 4.1.12 on
OL6 and OL7 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2018-7995: Denial-of-service when accessing CPU MCE sysfs entries.

A race condition when accessing CPU Machine Check sysfs entries could
lead to a kernel panic. A local attacker could use this flaw to cause a
denial-of-service.

Orabug: 29149888


* CVE-2018-9516: Denial-of-service in Bluetooth HIDP debug events.

Missing bounds checks in the Bluetooth HIDP debugfs functions could
result in an out of bounds access and kernel crash, triggerable by a
privileged user.

Orabug: 29128165


* CVE-2018-9363: Remote code execution in Bluetooth HIDP driver.

An integer overflow in the Bluetooth HIDP driver could result in a
buffer overflow and memory corruption.  A remote user could use this
flaw to trigger a denial of service or potentially, gain code execution.

Orabug: 29121215


* CVE-2018-1092: NULL pointer dereference when using unallocated root directory on ext4 filesystem.

A missing check when using unallocated root directory on ext4 filesystem
could lead to a NULL pointer dereference. A local attacker could mount a
crafted ext4 filesystem and cause a denial-of-service.

Orabug: 29048557


* CVE-2017-9725: Memory corruption in contiguous memory allocation.

A type conversion error when allocating contiguous memory for Direct
Memory Access can result in memory corruption outside of the allocated
memory. A local user could use this flaw to cause undefined behavior or
a Kernel crash.

Orabug: 28407826


* CVE-2018-18255: Integer overflow when setting allocated CPU time for perf events.

A missing check on user input when setting allocated CPU time for perf
events could lead to an integer overflow. A local attacker could use
this flaw to cause a denial-of-service.

Orabug: 27823815


* CVE-2018-18221: Denial-of-service using mlockall and munlockall syscalls.

The mlockall and munlockall syscalls contain unmatched changes to the
NR_MLOCK accounting value. By repeatedly calling these syscalls, a
malicious user can cause a denial-of-service.

Orabug: 27677611

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.