[El-errata] New Ksplice updates for UEKR3 3.8.13 on OL6 and OL7 (ELSA-2019-4316)

[Errata Announcements for Oracle Linux]

Synopsis: ELSA-2019-4316 can now be patched using Ksplice
CVEs: CVE-2015-7837 CVE-2016-3841 CVE-2017-14051 CVE-2017-17450 CVE-2018-1000004 CVE-2018-1092 CVE-2018-5848 CVE-2018-7995 CVE-2018-9516

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2019-4316.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR3 3.8.13 on
OL6 and OL7 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2018-7995: Denial-of-service when accessing CPU MCE sysfs entries.

A race condition when accessing CPU Machine Check sysfs entries could
lead to a kernel panic. A local attacker could use this flaw to cause a
denial-of-service.

Orabug: 29152249


* CVE-2018-9516: Denial-of-service in Bluetooth HIDP debug events.

Missing bounds checks in the Bluetooth HIDP debugfs functions could
result in an out of bounds access and kernel crash, triggerable by a
privileged user.

Orabug: 29128167


* CVE-2018-5848: Privilege escalation in the Wilocity Atheros driver.

Improper length validation could lead to integer overflow and undefined
behaviour.  A local user could use this flaw to cause a memory corruption
and potentially escalate privileges.

Orabug: 29060697


* CVE-2017-17450: Unprivileged access to netlink namespaces.

A missing permission check in the netfilter xt_osf code allows an
unprivileged user to create user and net namespaces without the proper
permissions.

Orabug: 29037832


* Improved fix for CVE-2018-1000004: Denial-of-service in ALSA sequencer.

A race condition in the ALSA sequencer subsystem leads to use-after-free
and subsequent memory corruption. This could allow an attacker to cause
a denial-of-service and possibly escalate privilege.

Orabug: 29005190


* CVE-2018-1092: NULL pointer dereference when using unallocated root directory on ext4 filesystem.

A missing check when using unallocated root directory on ext4 filesystem
could lead to a NULL pointer dereference. A local attacker could mount a
crafted ext4 filesystem and cause a denial-of-service.

Orabug: 28220433


* CVE-2017-14051: Denial-of-service in qla2xxx sysfs handler.

A failure to validate information from userspace can result in an
unbounded kernel memory allocation. A local user could use this flaw to
cause memory exhaustion or a kernel crash, resulting in a
denial-of-service.

Orabug: 28220420


* CVE-2016-3841: Use-after-free accessing the IPv6 transmit options.

Incorrect locking when accessing the IPv6 options in various places in the
network stack could lead to a user-after-free on concurrent destruction.  A
local user could use this flaw to cause a denial-of-service or potentially
escalate privileges.

Orabug: 25059183


* CVE-2015-7837: Secure boot bypass via kexec.

A logic error in kexec can result in a newly booted kernel to not
inherit secure boot protections. A privileged user could use this flaw
to bypass secure boot restrictions.

Orabug: 22066352


* Update Oracle Linux kernel signing key.

This update adds the Oracle Linux 7.6 signing key to the kernel trusted keying.
It allows an Oracle Linux kernel signed with an old key to kexec into a kernel
signed with the new key.

Orabug: 28926205

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.