[El-errata] New Ksplice updates for UEKR4 4.1.12 on OL6 and OL7 (ELSA-2019-4642)

[Errata Announcements for Oracle Linux]

Synopsis: ELSA-2019-4642 can now be patched using Ksplice
CVEs: CVE-2015-5327 CVE-2017-18360 CVE-2017-7308 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-14634 CVE-2018-19985 CVE-2019-11091 CVE-2019-11190

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2019-4642.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR4 4.1.12 on
OL6 and OL7 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* Improved update to CVE-2019-11091, CVE-2018-12126, CVE-2018-12130, CVE-2018-12127: Microarchitectural Data Sampling.

The previous kernel mitigation for MDS did not correctly flush the
microarchitectural buffers on return to user-space, potentially leaving the
system vulnerable.


* CVE-2019-11190: Information leak using a setuid program and accessing process stats.

A late setup of credentials when running a setuid program could let an
attacker dump /proc/<pid>/stat and get more information about running
kernel.

Orabug: 29677233


* Missing hypervisor Spectre v4 mitigations with IBRS disabled.

A logic error could result in Spectre v4 mitigations being disabled on a
hypervisor when retpoline was being used to mitigate Spectre v2.

Orabug: 29642113


* CVE-2018-19985: Out-of-bounds memory access in USB High Speed Mobile device driver.

A missing length check in the hso_probe can lead to an out-of-bounds
memory access.  This could cause a system to exhibit unexpected
behavior.

Orabug: 29605982


* CVE-2017-18360: Divide-by-zero error when setting port option of USB Inside Out Edgeport Serial Driver.

A missing check when setting port option of USB Inside Out Edgeport
Serial Driver could lead to a divide-by-zero error. A local attacker
could use this flaw to cause a denial-of-service.

Orabug: 29487834


* Spectre v2 bypass with EIBRS support.

A logic error could cause EIBRS to be disabled on new CPUs with
EIBRS support when using prctl() for Spectre v4 mitigations.

Orabug: 29526401


* Kernel crash in Spectre v2 speculation control on KVM hosts.

An incorrect memory dereference could result in reading from an invalid
address and writing an undefined value to a model specific register or
reading from unmapped memory leading to a kernel crash.

Orabug: 29526401


* Incorrect return value during CPU microcode updates.

Incorrect error reporting during microcode updates when the CPU was
already running the latest microcode revision could propagate spurious
errors to user-space.

Orabug: 29759756


* SCSI disk IO failures after max_sectors_kb modification.

Missing validation of the max_sectors_kb setting for a SCSI device could
result in unsupported values being used and subsequent IO failures.

Orabug: 29596510


* CVE-2015-5327: Kernel crash in X.509 certificate time validation.

A logic error when validating times on an X.509 certificate could result
in an out-of-bounds memory access and kernel crash or information leak.

Orabug: 29460344

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.