[Ksplice][Debian 7.0 Updates] New Ksplice updates for Debian 7.0 Wheezy (DLA-1392-1)
Jamie Iles
jamie.iles at oracle.com
Tue Jun 5 11:26:20 PDT 2018
Synopsis: DLA-1392-1 can now be patched using Ksplice
CVEs: CVE-2017-18208 CVE-2018-1093 CVE-2018-10940 CVE-2018-1130 CVE-2018-8897
Systems running Debian 7.0 Wheezy can now use Ksplice to patch against
the latest Debian kernel update, DLA-1392-1.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running Debian 7.0
Wheezy install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
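The check described above can be scripted when auditing several hosts. This is an added example, not part of the original advisory or Oracle's tooling: it reads an uptrack.conf-style file and reports whether the manual command is still needed. The function names are hypothetical, and it assumes "key = value" lines with "#" or ";" comment lines.

```shell
#!/bin/sh
# Added example (not Ksplice code): decide whether a host still needs the
# manual upgrade command from the advisory, based on its uptrack.conf.

# Print the effective autoinstall value: "yes", "no", another literal value,
# or "unset" when the key is absent, commented out, or the file is unreadable.
autoinstall_value() {
    conf="$1"
    [ -r "$conf" ] || { echo "unset"; return 0; }
    awk -F= '
        /^[ \t]*[#;]/ { next }            # a commented-out setting does not count
        {
            key = $1; val = $2
            gsub(/[ \t\r]/, "", key)      # tolerate "autoinstall=yes" and padding
            gsub(/[ \t\r]/, "", val)
            if (tolower(key) == "autoinstall") found = tolower(val)  # last one wins
        }
        END { print (found == "" ? "unset" : found) }
    ' "$conf"
}

# Print "none" when updates install automatically, otherwise the manual
# command. Only the literal "yes" named in the advisory counts as enabled,
# so any other value errs on the side of asking for a manual run.
required_action() {
    case "$(autoinstall_value "$1")" in
        yes) echo "none" ;;
        *)   echo "/usr/sbin/uptrack-upgrade -y" ;;
    esac
}

# Demonstration on a constructed sample config (not taken from a real host):
# the only "yes" is in a comment, so a manual run is required.
demo_conf=$(mktemp)
printf '[Settings]\n# autoinstall = yes\nautoinstall = no\n' > "$demo_conf"
echo "autoinstall: $(autoinstall_value "$demo_conf")"
echo "action:      $(required_action "$demo_conf")"
rm -f "$demo_conf"
```

On a real system, pass /etc/uptrack/uptrack.conf to required_action.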
DESCRIPTION
* CVE-2017-18208: Denial-of-service when using the madvise system call.
A logic error when using the madvise system call with the WILLNEED option
on a Direct Access filesystem could lead to a deadlock. A local attacker
could use this flaw to cause a denial-of-service.
* CVE-2018-1130: Denial-of-service in DCCP message send.
A logic error in the DCCP code could lead to a NULL pointer dereference
when transmitting messages, leading to a kernel panic. An attacker could
use this to cause a denial-of-service.
* CVE-2018-10940: Information leak when checking if CD-ROM media changed.
A missing check when a user checks whether CD-ROM media has changed using
an IOCTL could lead to an information leak. A local attacker could use this
flaw to leak information about the running kernel and facilitate an attack.
* CVE-2018-1093: Denial-of-service in ext4 bitmap block validity check.
A failure to correctly validate bitmap information from an ext4
filesystem can result in an out-of-bounds read, leading to a kernel
crash. A local user with the ability to mount an ext4 filesystem could
use this flaw to cause a denial-of-service.
* CVE-2018-8897: Denial-of-service in KVM breakpoint handling.
Incorrect stack management of data watchpoints and breakpoints could
allow an unprivileged user to crash the system.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.