[El-errata] New Ksplice updates for UEKR4 4.1.12 on OL6 and OL7 (ELSA-2019-4575)

Wed Mar 13 13:09:07 PDT 2019

Synopsis: ELSA-2019-4575 can now be patched using Ksplice
CVEs: CVE-2017-17807 CVE-2018-10876 CVE-2018-10877 CVE-2018-10878 CVE-2018-16862 CVE-2018-18559 CVE-2018-9568

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2019-4575.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR4 4.1.12 on
OL6 and OL7 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

DESCRIPTION

* CVE-2018-10877: Out-of-bounds access when using corrupted ext4 filesystem with abnormal extent tree.

A missing check when using corrupted ext4 filesystem with abnormal
extent tree could lead to an out-of-bounds access. A local attacker
could use this flaw with a crafted ext4 image to cause a
denial-of-service.

Orabug: 29396712

* CVE-2018-18559: Denial-of-service when binding a packet on a socket while a notification is raised.

A race condition when binding a packet on a socket while a notification
is raised on this socket could lead to a kernel assert. A local attacker
could use this flaw to cause a denial-of-service.

Orabug: 29385593

* CVE-2018-16862: Potential memory corruption in inode truncation path.

A logic error in the memory manager's inode truncation path can lead to
an inode not being properly cleaned up.  If another file is created with
the same inode, it is possible to read old leftover data, instead of
the expected data, when attempting to read the new file.  This could
cause a system to exhibit unexpected behavior.

Orabug: 29364670

* CVE-2017-17807: Permissions bypass when requesting key on default keyring.

When calling request_key() with no keyring specified, the requested key
is generated and added to the keyring even if the user does not have
write permissions.

Orabug: 29304551

* CVE-2018-10878: Out-of-bounds access when initializing ext4 block bitmap.

A logic error when initializing ext4 block bitmap could lead to an
out-of-bounds access. A local attacker could use this flaw with a
crafted ext4 image to cause a denial-of-service.

Orabug: 29428607

* CVE-2018-10876: Use-after-free when removing space in ext4 filesystem.

A logic error when removing space in ext4 filesystem could lead to a
use-after-free. A local attacker could use this flaw with a crafted ext4
image to cause a denial-of-service.

Orabug: 29316684

* CVE-2018-9568: Privilege escalation in IPv6 to IPv4 socket cloning.

A logic error when transforming an IPv6 socket to an IPv4 socket can
result in releasing memory into the wrong cache. This flaw can result in
privilege escalation.

Orabug: 29422739

* NULL pointer dereference when freeing irq in Broadcom NetXtreme-C/E driver.

A logic error when freeing irq in Broadcom NetXtreme-C/E driver fails
could lead to a NULL pointer dereference. A local attacker could use
this flaw to cause a denial-of-service.

Orabug: 29357977

* Packet loss on ingress on an unmanaged L2TP over IP tunnel interface.

A missing check when receiving packets on an unmanaged L2TP over IP
tunnel interface could lead to packet loss.

Orabug: 29368048

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.