[El-errata] New Ksplice updates for UEKR4 4.1.12 on OL6 and OL7 (ELSA-2019-4850)
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Fri Nov 22 08:57:44 PST 2019
Synopsis: ELSA-2019-4850 can now be patched using Ksplice
CVEs: CVE-2017-15128 CVE-2017-18551 CVE-2019-11478 CVE-2019-14284 CVE-2019-14835 CVE-2019-15213 CVE-2019-15215 CVE-2019-15217 CVE-2019-15916 CVE-2019-16994 CVE-2019-16995 CVE-2019-17053 CVE-2019-17055
Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2019-4850.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2019-4850.html
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running UEKR4 4.1.12 on
OL6 and OL7 install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
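The following shell functions are an added example, not part of Oracle's announcement or of Ksplice itself. They read an uptrack.conf-style file and report whether a host is covered by "autoinstall = yes" or still needs the manual uptrack-upgrade run. The function names are hypothetical, and treating only the value "yes" as enabled, and matching the key case-insensitively, are assumptions of this example.

```shell
#!/bin/sh
# Added example: decide whether a host needs a manual uptrack-upgrade run.
# Function names are hypothetical; only the "autoinstall = yes" setting and
# the /etc/uptrack/uptrack.conf path come from the announcement.

# Print the effective "autoinstall" value from an uptrack.conf-style file.
# Comment lines (# or ;) are skipped, trailing comments are stripped, the
# last assignment wins, and a missing file or key yields "no".
uptrack_autoinstall_value() {
    conf=$1
    [ -r "$conf" ] || { echo "no"; return 0; }
    awk -F= '
        /^[ \t]*[#;]/ { next }                  # whole-line comment
        {
            key = $1; val = $2
            sub(/[#;].*/, "", val)               # trailing comment
            gsub(/[ \t\r]/, "", key)
            gsub(/[ \t\r]/, "", val)
            # Case folding is a choice of this example (assumption).
            if (tolower(key) == "autoinstall") found = tolower(val)
        }
        END { print (found == "" ? "no" : found) }
    ' "$conf"
}

# Print "automatic" when updates install themselves, otherwise "manual".
# Anything other than an explicit "yes" is reported as "manual" so that a
# malformed setting is flagged for attention rather than assumed safe.
uptrack_install_mode() {
    case "$(uptrack_autoinstall_value "$1")" in
        yes) echo "automatic" ;;
        *)   echo "manual" ;;
    esac
}

# Typical use on a host (run as root), left commented out so that sourcing
# this file never changes the system:
#   if [ "$(uptrack_install_mode /etc/uptrack/uptrack.conf)" = manual ]; then
#       /usr/sbin/uptrack-upgrade -y
#   fi
```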
DESCRIPTION
* CVE-2019-11478: Denial-of-service when receiving packets over TCP sockets.
A logic error when receiving packets over TCP sockets could lead to a
kernel assert. A local attacker could use this flaw to cause a
denial-of-service.
Orabug: 30317608
* CVE-2017-15128: Denial-of-service when handling page fault through userfaultfd.
Incorrect error handling during userfaultfd UFFDIO_COPY ioctl operation
leads to kernel crash. An attacker can exploit this to cause
denial-of-service.
Orabug: 27422557
* NULL pointer dereference when probing Lego Mindstorms infrared device.
A race condition when probing Lego Mindstorms infrared device can trigger
a NULL pointer dereference and cause a local denial of service.
Orabug: 27124665
* CVE-2019-14284: Denial-of-service in floppy disk formatting.
A division by zero in the setup_format_params function for the floppy
disk driver could result in a kernel crash. A local user with access to
the floppy disk device could use this flaw to crash the system.
Orabug: 30447843
* CVE-2019-15916: Denial-of-service in network device registration.
A missing free of resources when registering a kobject for a net device
fails could lead to a memory leak. A local attacker could use this flaw
to exhaust kernel memory and cause a denial-of-service.
Orabug: 30350263
* CVE-2017-18551: Denial-of-service when reading data over I2C bus.
A missing check on user input when reading data over I2C bus could lead
to an out-of-bounds access. A local attacker could use this flaw to
cause a denial-of-service.
Orabug: 30210503
* Denial-of-service in Reliable Datagram Socket Infiniband address checks.
Excessive resource usage when checking Reliable Datagram Socket
Infiniband addresses could result in memory exhaustion under specific
conditions.
Orabug: 30327671
* CVE-2019-15217: NULL pointer dereference when using USB ZR364XX Camera driver.
A missing check when querying capabilities of USB ZR364XX Camera device
from user space could lead to a NULL pointer dereference. A local
attacker could use this flaw to cause a denial-of-service.
Orabug: 30532774
* CVE-2019-15215: Denial-of-service when disconnecting CPiA2 USB camera.
A use-after-free vulnerability in the V4L2 interface for CPiA2 USB
camera allows a malicious USB device to crash the kernel. An attacker
could exploit this to cause a denial-of-service.
Orabug: 30511741
* CVE-2019-15213: Denial-of-service when removing a USB DVB device.
A use-after-free when releasing a USB DVB device could lead to a kernel
crash. An attacker could exploit this to cause a denial-of-service by
plugging in a malicious USB device.
Orabug: 30490491
* CVE-2019-16994: Denial-of-service in IPv6-in-IPv4 tunnel registration.
A missing free of resources when registering an IPv6-in-IPv4 tunnel fails
could lead to a memory leak. A local attacker could use this flaw to
exhaust kernel memory and cause a denial-of-service.
Orabug: 30445305
* CVE-2019-17055: Permission bypass when creating a Modular ISDN socket.
A missing check on user capabilities when creating a Modular ISDN socket
could lead to a permission bypass.
Orabug: 30445158
* CVE-2019-17053: Permission bypass when creating an IEEE 802.15.4 socket.
A missing check on user capabilities when creating an IEEE 802.15.4
socket could lead to a permission bypass.
Orabug: 30444946
* Improved fix for Spectre v1: Bounds check bypass in Vhost ioctl.
A missing use of the indirect call protection macro in the vhost ioctl
code could lead to speculative execution. A local attacker could use
this flaw to leak information about the running system.
Orabug: 30312787
* CVE-2019-14835: Privilege escalation during live migration of guest.
A failure to check for guest creating a zero length queue in the vhost driver
can lead to a buffer overflow in the host kernel. A guest virtual machine
could use this flaw to crash the host or potentially escalate privileges when
the virtual machine is live migrated.
Orabug: 30312787
* Kernel crash on QLogic QLA2XXX device probe failure.
Incorrect error handling could result in a NULL pointer dereference when
failing to probe a QLogic QLA2XXX device leading to a kernel crash.
Orabug: 30161119
* Infiniband connection hang after failure.
Missing ARP cache flushing could result in persistent failure after
previously failing to establish a connection.
Orabug: 29994550
* CVE-2019-16995: Denial-of-service in HSR networking finalization.
Missing resource deallocation in the High-availability Seamless
Redundancy network core could result in memory exhaustion and eventual
crash.
Orabug: 30444853
* Kernel crash in OCFS2 direct IO cluster allocation.
Missing locking when allocating clusters during a direct IO operation
could result in triggering a kernel assertion and subsequent crash.
Orabug: 30036349
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.