[El-errata] New Ksplice updates for UEKR4 4.1.12 on OL6 and OL7 (ELSA-2019-4850)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Fri Nov 22 08:57:44 PST 2019


Synopsis: ELSA-2019-4850 can now be patched using Ksplice
CVEs: CVE-2017-15128 CVE-2017-18551 CVE-2019-11478 CVE-2019-14284 CVE-2019-14835 CVE-2019-15213 CVE-2019-15215 CVE-2019-15217 CVE-2019-15916 CVE-2019-16994 CVE-2019-16995 CVE-2019-17053 CVE-2019-17055

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2019-4850.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2019-4850.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR4 4.1.12 on
OL6 and OL7 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
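
The two installation paths above can be checked per host before deciding whether the manual command is needed. The following is an added example, not part of Oracle's announcement: it reads the autoinstall setting from an uptrack.conf-style file and checks whether a kernel release string is a UEKR4 4.1.12 kernel on OL6 or OL7. The function names, the release pattern (4.1.12-*.el6uek.* / 4.1.12-*.el7uek.*), the sample release string and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: does this host need a manual "uptrack-upgrade -y"?

# Print the effective "autoinstall" value from an uptrack.conf-style file.
# Assumption: the key is matched in any section and the last assignment wins.
autoinstall_value() {
    awk '
        /^[ \t]*[#;]/ { next }                    # ignore commented-out lines
        /^[ \t]*autoinstall[ \t]*=/ {
            sub(/^[^=]*=/, "")                    # drop the "autoinstall =" part
            gsub(/^[ \t]+|[ \t]+$/, "")           # trim surrounding blanks
            val = tolower($0)
        }
        END { print (val == "" ? "unset" : val) }
    ' "$1"
}

# Succeed only for a UEKR4 4.1.12 kernel release on OL6 or OL7.
in_scope_kernel() {
    case "$1" in
        4.1.12-*.el6uek.*|4.1.12-*.el7uek.*) return 0 ;;
        *) return 1 ;;
    esac
}

# $1 = kernel release string, $2 = path to the config file.
patch_action() {
    in_scope_kernel "$1" || { echo "not-applicable"; return 0; }
    if [ "$(autoinstall_value "$2")" = "yes" ]; then
        echo "automatic"
    else
        echo "run-uptrack-upgrade"
    fi
}

# Constructed sample input (not taken from a real host).
sample_conf=$(mktemp)
cat > "$sample_conf" <<'EOF'
[Settings]
# autoinstall = yes
autoinstall = no
EOF
echo "sample host: $(patch_action 4.1.12-124.32.3.el7uek.x86_64 "$sample_conf")"
rm -f "$sample_conf"
```

On a real host, pass "$(uname -r)" and /etc/uptrack/uptrack.conf to patch_action.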


DESCRIPTION

* CVE-2019-11478: Denial-of-service when receiving packets over TCP sockets.

A logic error when receiving packets over TCP sockets could lead to a
kernel assert. A local attacker could use this flaw to cause a
denial-of-service.

Orabug: 30317608


* CVE-2017-15128: Denial-of-service when handling a page fault through userfaultfd.

Incorrect error handling during a userfaultfd UFFDIO_COPY ioctl operation
leads to a kernel crash. An attacker can exploit this to cause
denial-of-service.

Orabug: 27422557


* NULL pointer dereference when probing a Lego Mindstorms infrared device.

A race condition when probing a Lego Mindstorms infrared device can trigger
a NULL pointer dereference and cause a local denial of service.

Orabug: 27124665


* CVE-2019-14284: Denial-of-service in floppy disk formatting.

A division by zero in the setup_format_params function for the floppy
disk driver could result in a kernel crash.  A local user with access to
the floppy disk device could use this flaw to crash the system.

Orabug: 30447843


* CVE-2019-15916: Denial-of-service in network device registration.

A missing free of resources when registering a kobject for a net device
fails could lead to a memory leak. A local attacker could use this flaw
to exhaust kernel memory and cause a denial-of-service.

Orabug: 30350263


* CVE-2017-18551: Denial-of-service when reading data over I2C bus.

A missing check on user input when reading data over I2C bus could lead
to an out-of-bounds access. A local attacker could use this flaw to
cause a denial-of-service.

Orabug: 30210503


* Denial-of-service in Reliable Datagram Socket Infiniband address checks.

Excessive resource usage when checking Reliable Datagram Socket
Infiniband addresses could result in memory exhaustion under specific
conditions.

Orabug: 30327671


* CVE-2019-15217: NULL pointer dereference when using the USB ZR364XX Camera driver.

A missing check when querying the capabilities of a USB ZR364XX Camera device
from user space could lead to a NULL pointer dereference. A local
attacker could use this flaw to cause a denial-of-service.

Orabug: 30532774


* CVE-2019-15215: Denial-of-service when disconnecting CPiA2 USB camera.

A use-after-free vulnerability in the V4L2 interface for CPiA2 USB
camera allows a malicious USB device to crash the kernel. An attacker
could exploit this to cause a denial-of-service.

Orabug: 30511741


* CVE-2019-15213: Denial-of-service when removing a USB DVB device.

A use-after-free when releasing a USB DVB device could lead to a kernel
crash. An attacker could exploit this to cause a denial-of-service by
plugging in a malicious USB device.

Orabug: 30490491


* CVE-2019-16994: Denial-of-service in IPv6-in-IPv4 tunnel registration.

A missing free of resources when registering an IPv6-in-IPv4 tunnel fails
could lead to a memory leak. A local attacker could use this flaw to
exhaust kernel memory and cause a denial-of-service.

Orabug: 30445305


* CVE-2019-17055: Permission bypass when creating a Modular ISDN socket.

A missing check on user capabilities when creating a Modular ISDN socket
could lead to a permission bypass.

Orabug: 30445158


* CVE-2019-17053: Permission bypass when creating an IEEE 802.15.4 socket.

A missing check on user capabilities when creating an IEEE 802.15.4
socket could lead to a permission bypass.

Orabug: 30444946


* Improved fix for Spectre v1: Bounds check bypass in Vhost ioctl.

A missing use of the indirect call protection macro in the vhost ioctl
code could lead to speculative execution. A local attacker could use
this flaw to leak information about the running system.

Orabug: 30312787


* CVE-2019-14835: Privilege escalation during live migration of guest.

A failure to check for a guest creating a zero-length queue in the vhost driver
can lead to a buffer overflow in the host kernel.  A guest virtual machine
could use this flaw to crash the host or potentially escalate privileges when
the virtual machine is live migrated.

Orabug: 30312787


* Kernel crash on QLogic QLA2XXX device probe failure.

Incorrect error handling could result in a NULL pointer dereference when
failing to probe a QLogic QLA2XXX device, leading to a kernel crash.

Orabug: 30161119


* Infiniband connection hang after failure.

Missing ARP cache flushing could result in persistent failure after
previously failing to establish a connection.

Orabug: 29994550


* CVE-2019-16995: Denial-of-service in HSR networking finalization.

Missing resource deallocation in the High-availability Seamless
Redundancy network core could result in memory exhaustion and eventual
crash.

Orabug: 30444853


* Kernel crash in OCFS2 direct IO cluster allocation.

Missing locking when allocating clusters during a direct IO operation
could result in triggering a kernel assertion and subsequent crash.

Orabug: 30036349

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.




