From jamie.iles at oracle.com Tue Jun 5 11:26:20 2018
From: jamie.iles at oracle.com (Jamie Iles)
Date: Tue, 05 Jun 2018 19:26:20 +0100
Subject: [Ksplice][Debian 7.0 Updates] New Ksplice updates for Debian 7.0 Wheezy (DLA-1392-1)
Message-ID: <201806051826.w55IQOGB003301@aserv0122.oracle.com>

Synopsis: DLA-1392-1 can now be patched using Ksplice
CVEs: CVE-2017-18208 CVE-2018-1093 CVE-2018-10940 CVE-2018-1130 CVE-2018-8897

Systems running Debian 7.0 Wheezy can now use Ksplice to patch against the
latest Debian kernel update, DLA-1392-1.


INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Debian 7.0 Wheezy
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf, these
updates will be installed automatically and you do not need to take any
action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2017-18208: Denial-of-service when using madvise system call.

A logic error when using the madvise system call with the WILLNEED option on
a Direct Access filesystem could lead to a deadlock. A local attacker could
use this flaw to cause a denial-of-service.

* CVE-2018-1130: Denial-of-service in DCCP message send.

A logic error in the DCCP code could lead to a NULL pointer dereference when
transmitting messages, leading to a kernel panic. An attacker could use this
to cause a denial-of-service.

* CVE-2018-10940: Information leak when checking if CD-ROM media changed.

A missing check when a user checks whether CD-ROM media has changed using an
IOCTL could lead to an information leak. A local attacker could use this flaw
to leak information about the running kernel and facilitate an attack.

* CVE-2018-1093: Denial-of-service in ext4 bitmap block validity check.

A failure to correctly validate bitmap information from an ext4 filesystem can
result in an out-of-bounds read, leading to a kernel crash. A local user with
the ability to mount an ext4 filesystem could use this flaw to cause a
denial-of-service.

* CVE-2018-8897: Denial-of-service in KVM breakpoint handling.

Incorrect stack management of data watchpoints and breakpoints could allow an
unprivileged user to crash the system.


SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.
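The installation section above leaves two questions to the administrator: does this host auto-install Uptrack updates, and are the five CVEs from DLA-1392-1 actually present in the installed-update list afterwards? The following shell script is an added example and is not part of the Ksplice advisory or of the Uptrack tooling. It assumes that "uptrack-show" lists installed updates one per line with the CVE id in the description (the "[12345678]" update ids and the config and output samples are constructed for the example); the CVE list itself is the one given in the advisory.

```shell
#!/bin/sh
# Added example, not from the Ksplice advisory: decide whether Uptrack will
# auto-install, and report which DLA-1392-1 CVEs are absent from the installed
# update list. The uptrack-show output format assumed here is an assumption.

# CVE list exactly as given in the advisory.
ADVISORY_CVES="CVE-2017-18208 CVE-2018-1093 CVE-2018-10940 CVE-2018-1130 CVE-2018-8897"

# Exit 0 when the config text in $1 contains an active "autoinstall = yes".
# Comments are stripped first so a commented-out line does not count; key and
# value are matched case-insensitively and with optional surrounding spaces.
uptrack_autoinstall_enabled() {
    printf '%s\n' "$1" \
        | sed 's/#.*//' \
        | grep -iqE '^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*yes[[:space:]]*$'
}

# Print the advisory CVEs that do not appear in the uptrack-show output in $1
# (space-separated, possibly empty) and exit 0 only when none are missing.
# The id must be followed by a non-digit or end of line, otherwise
# CVE-2018-1093 would be "found" inside CVE-2018-10940, which is also in
# this advisory.
missing_cves() {
    missing=""
    for cve in $ADVISORY_CVES; do
        if ! printf '%s\n' "$1" | grep -qE "${cve}([^0-9]|\$)"; then
            missing="$missing $cve"
        fi
    done
    printf '%s' "${missing# }"
    [ -z "$missing" ]
}

# Constructed sample inputs (not captured from a real system).
SAMPLE_CONF='# autoinstall = no
autoinstall = yes
'
SAMPLE_SHOW='Installed updates:
[12345678] CVE-2017-18208: Denial-of-service when using madvise system call.
[23456789] CVE-2018-10940: Information leak when checking if CD-ROM media changed.
[34567890] CVE-2018-1130: Denial-of-service in DCCP message send.
'

# Stand-alone run over the samples. On a live host, pass
# "$(cat /etc/uptrack/uptrack.conf)" and "$(uptrack-show)" instead.
if uptrack_autoinstall_enabled "$SAMPLE_CONF"; then
    echo "autoinstall enabled: updates are applied without manual action"
else
    echo "autoinstall disabled: run /usr/sbin/uptrack-upgrade -y"
fi
if absent=$(missing_cves "$SAMPLE_SHOW"); then
    echo "all DLA-1392-1 CVEs are present"
else
    echo "still missing: $absent"
fi
```

On the constructed sample the script reports autoinstall as enabled and CVE-2018-1093 and CVE-2018-8897 as still missing; a non-zero exit from missing_cves is what a monitoring job would alert on.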