[El-errata] New Ksplice updates for UEKR5 4.14.35 on OL7 (ELSA-2019-4643)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Wed May 22 11:04:50 PDT 2019 

Synopsis: ELSA-2019-4643 can now be patched using Ksplice
CVEs: CVE-2018-19985 CVE-2019-10124

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2019-4643.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR5 4.14.35
on OL7 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2019-10124: Denial-of-service when soft offlining a transparent huge page.

A refcount error when soft offlining a transparent huge page could lead
to a kernel assert. A local attacker could use this flaw to cause a
denial-of-service.

Orabug: 29613794


* CVE-2018-19985: Out-of-bounds memory access in USB High Speed Mobile device driver.

A missing length check in the hso_probe can lead to an out-of-bounds
memory access.  This could cause a system to exhibit unexpected
behavior.

Orabug: 29613788


* Out-of-bounds access when configuring vport in Mellanox Technologies MLX5 SRIOV E-Switch driver.

A logic error when setting vport rate in Mellanox Technologies MLX5
SRIOV E-Switch driver could lead to an out-of-bounds access. A local
attacker could use this flaw to cause a denial-of-service.

Orabug: 29455439


* Missing hypervisor Spectre v4 mitigations with IBRS disabled.

A logic error could result in Spectre v4 mitigations being disabled on a
hypervisor when retpoline was being used to mitigate Spectre v2.

Orabug: 29642112


* Denial-of-service in Xen network device with empty fragments.

In incorrect assertion in the Xen network frontend driver could result
in crashing the kernel on a zero byte fragment.  A local user could use
this flaw to crash the system.


* Denial-of-service in Xen network device with excessive fragments.

Incorrect handling of a network transmission with too many fragments
could result in triggering a kernel assertion and crashing the system.

Orabug: 29462653


* Kernel crash in bonded network device kernel diagnostics.

Missing ratelimiting on the bonded network device code could result in
excessive noise and contention resulting in deadlocks and a kernel crash
under specific conditions.

Orabug: 29016284


* Kernel crash in XFS extended attribute listing.

Missing range checks when listing XFS extended attributes could result
in an out-of-bounds access leading to memory corruption and a kernel
crash, or potentially, privilege escalation.

Orabug: 29697225

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.

More information about the El-errata mailing list