[Ksplice][Debian 7.0 Updates] New Ksplice updates for Debian 7.0 Wheezy (DLA-1369-1)

Oracle Ksplice ksplice-support_ww at oracle.com
Thu May 10 12:54:28 PDT 2018 

Synopsis: DLA-1369-1 can now be patched using Ksplice
CVEs: CVE-2017-0861 CVE-2017-13166 CVE-2017-16526 CVE-2017-16911 CVE-2017-16912 CVE-2017-16913 CVE-2017-16914 CVE-2017-18017 CVE-2017-18203 CVE-2017-18216 CVE-2018-1000004 CVE-2018-1000199 CVE-2018-1068 CVE-2018-1092 CVE-2018-5332 CVE-2018-5333 CVE-2018-5750 CVE-2018-5803 CVE-2018-6927 CVE-2018-7492 CVE-2018-7566 CVE-2018-7740 CVE-2018-7757 CVE-2018-7995 CVE-2018-8781 CVE-2018-8822

Systems running Debian 7.0 Wheezy can now use Ksplice to patch against
the latest Debian kernel update, DLA-1369-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Debian 7.0
Wheezy install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2017-0861: Use-after-free in ALSA sound subsystem.

A race condition when closing an ALSA device descriptor could cause a
use-after-free, potentially allowing an attacker to write to protected
memory and cause a privilege escalation.


* CVE-2017-16526: Denial-of-service in failed launch of UWB daemon.

A failure to handle an error case when launching the UWB management
daemon can result in an invalid pointer dereference leading to a kernel
crash.


* CVE-2017-16911: Information disclosure in USB over IP HCI status report.

A failure to correctly sanitize information reported by the Kernel about
USB over IP HCI device can result in a sensitive memory address being
disclosed to userspace. A local, unprivileged user could use this flaw
to facilitate a further attack.


* CVE-2017-16912, CVE-2017-16913: Denial-of-service in USBIP command validation.

A validation error when parsing information from an USB over IP packet
can result in an out-of-bounds memory access leading to a Kernel crash.
A remote USB over IP client could use this flaw to cause a
denial-of-service.


* CVE-2017-16914: Denial-of-service in USB over IP NULL transfer buffer handling.

A failure to correctly validate a NULL transfer buffer in the USB over
IP subsystem can result in a NULL pointer dereference, leading to a
Kernel crash. A local user with access to a USB over IP device could use
this flaw to cause a denial-of-service.


* CVE-2017-18017: Use-after-free when using TCPMSS Netfilter.

A missing check in the netfilter TCP MSS code could lead to a
use-after-free condition.  A remote attacker could exploit this
to cause a denial of service.


* CVE-2017-18203: Denial-of-service during device mapper destruction.

A race condition between creation and destruction of device mapper
objects can result in an assertion failure, leading to a kernel crash. A
local user could use this flaw to cause a denial-of-service.


* CVE-2017-18216: NULL pointer dereference while deleting OCFS2 node.

A race condition when deleting OCFS2 node could lead to a NULL pointer
dereference. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2018-1000199: Privilege escalation when changing hardware breakpoints through ptrace.

Lack of proper validation of hardware breakpoints inserted through ptrace
could cause debug registers corruption.  An unprivileged user could use
this flaw to crash the system or escalate privileges.


* CVE-2018-1068: Privilege escalation when configuring bridge filtering.

Lack of input validation when configuring bridge filtering from a 32 bits
compat syscall could lead to an out-of-bounds write.  Unprivileged users
with the ability to create namespaces could use this flaw to escalate
privileges.


* CVE-2018-1092: NULL pointer dereference when using unallocated root directory on ext4 filesystem.

A missing check when using unallocated root directory on ext4 filesystem
could lead to a NULL pointer dereference. A local attacker could mount a
crafted ext4 filesystem and cause a denial-of-service.


* CVE-2018-5332: Out-of-bounds write when sending messages through Reliable Datagram Sockets.

A missing check when sending messages through Reliable Datagram Sockets
could lead to an out-of-bounds write in the heap. A local attacker could
use this flaw to cause a denial-of-service.


* CVE-2018-5333: NULL pointer dereference when freeing resources in Reliable Datagram Sockets driver.

A missing check when freeing resources in Reliable Datagram Sockets
driver could lead to a NULL pointer dereference. A local attacker could
use this flaw to cause a denial-of-service.


* CVE-2018-5750: Information leak when registering ACPI Smart Battery System driver.

A too verbose printk when registering ACPI Smart Battery System driver
leaks kernel addresses. A local attacker could use this flaw to
leak information about running kernel and facilitate an attack.


* CVE-2018-5803: Denial-of-service when receiving forged packet over SCTP socket.

A missing check when receiving a forged packet with custom properties
over SCTP socket could lead to a kernel assert. A remote attacker could
use this flaw to cause a denial-of-service.


* CVE-2018-6927: Integer overflow when re queuing a futex.

A missing check when calling futex system call with "requeue" option could
lead to an integer overflow. A local attacker could use this flaw to
cause a denial-of-service.


* CVE-2018-7492: NULL pointer dereference when setting options for RDS over Infiniband socket.

A missing check when setting RDS_GET_MR option for RDS over Infiniband
socket could lead to a NULL pointer dereference. A local attacker could
use this flaw to cause a denial-of-service.


* CVE-2018-7566, CVE-2018-1000004: Denial-of-service in ALSA sequencer library.

Multiple race conditions in the ALSA sequencer library could lead to
use-after-free or out-of-bounds memory accesses.  A local user could use
these flaws to cause a denial-of-service or potentially escalate
privileges.


* CVE-2018-7740: Denial-of-service when using remap_file_pages() system call.

A logic error in HugeTLB file system when using remap_file_pages()
system call could lead to a kernel assert. A local attacker could use
this flaw to cause a denial-of-service.


* CVE-2018-7757: Memory leak when reading invalid_dword_count attribute of SAS Domain Transport driver.

A missing free when reading invalid_dword_count attribute of SAS Domain
Transport driver could lead to a memory leak. A local attacker could use
this flaw to exhaust kernel memory and cause a denial-of-service.


* CVE-2018-7995: Denial-of-service when accessing CPU MCE sysfs entries.

A race condition when accessing CPU Machine Check sysfs entries could
lead to a kernel panic. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2018-8781: Integer overflow when mapping memory in USB Display Link video driver.

A missing check on user input when mapping memory in USB Display Link
video driver could lead to an integer overflow. A local attacker could
use this flaw to cause a denial-of-service.


* CVE-2018-8822: Denial-of-service in NCP filesystem server during mmap.

A failure to verify bounds in the NCP filesystem on the server side
could lead to memory corruption and a kernel panic.  This could be
exploited to cause a denial-of-service.


* CVE-2017-13166: Privilege escalation when using V4L2 ioctls.

Logic errors in multiple V4L2 ioctls could lead to arbitrary execution
of user space defined addresses. A local attacker could use this flaw to escalate
privileges.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.

More information about the Ksplice-Debian-7.0-Updates mailing list