[Ksplice][Debian 8.0 Updates] New Ksplice updates for Debian 8.0 Jessie (3.16.57-1)

Oracle Ksplice ksplice-support_ww at oracle.com
Wed Jul 18 04:27:14 PDT 2018


Synopsis: 3.16.57-1 can now be patched using Ksplice
CVEs: CVE-2017-18208 CVE-2017-5753 CVE-2018-1000204 CVE-2018-10853 CVE-2018-1093 CVE-2018-10940 CVE-2018-1130 CVE-2018-11506 CVE-2018-12233 CVE-2018-3665 CVE-2018-5814

Systems running Debian 8.0 Jessie can now use Ksplice to patch against
the latest Debian kernel update, 3.16.57-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Debian 8.0
Jessie install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
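
The following is an added example, not part of the original announcement or of Ksplice itself: a shell check that reads an Uptrack configuration file and reports whether the manual upgrade command above is needed. The function names, the constructed sample file, and the rule that only the literal value "yes" (as quoted above) counts as enabled are assumptions; on a real host, pass /etc/uptrack/uptrack.conf to uptrack_action.

```shell
#!/bin/sh
# Added example: decide whether a host needs a manual uptrack-upgrade run.

# Print the effective autoinstall state of config file $1:
# "yes", "no", "unset" (no active setting) or "unreadable".
# Assumption: only the literal value "yes" enables autoinstall.
uptrack_autoinstall() {
    conf=$1
    if [ ! -r "$conf" ]; then
        echo unreadable
        return 0
    fi
    # Keep the value of the last active "autoinstall = ..." line.
    # Lines starting with '#' do not match; trailing comments are dropped.
    val=$(sed -n 's/^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*\([^[:space:]#;]*\).*$/\1/p' "$conf" | tail -n 1)
    case $val in
        yes) echo yes ;;
        "")  echo unset ;;
        *)   echo no ;;
    esac
}

# Print the action an administrator should take for config file $1.
uptrack_action() {
    state=$(uptrack_autoinstall "$1")
    case $state in
        yes)        echo "autoinstall enabled: updates install automatically" ;;
        unreadable) echo "cannot read $1: check that Uptrack is installed" ;;
        *)          echo "autoinstall $state: run /usr/sbin/uptrack-upgrade -y" ;;
    esac
}

# Constructed sample configuration (not taken from a real system).
demo=$(mktemp)
cat > "$demo" <<'EOF'
[Settings]
# autoinstall = yes
autoinstall = no
EOF
uptrack_action "$demo"
rm -f "$demo"
```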


DESCRIPTION

* CVE-2018-1093: Denial-of-service in ext4 bitmap block validity check.

A failure to correctly validate bitmap information from an ext4
filesystem can result in an out-of-bounds read, leading to a kernel
crash. A local user with the ability to mount an ext4 filesystem could
use this flaw to cause a denial-of-service.


* CVE-2018-1130: Denial-of-service in DCCP message send.

A logic error in the DCCP code could lead to a NULL pointer dereference
when transmitting messages, leading to a kernel panic.  An attacker could
use this to cause a denial-of-service.


* CVE-2018-1000204: Kernel information leak when performing SG_IO ioctl.

A vulnerability in the SCSI subsystem allows copying uninitialized
kernel memory to userspace. This could provide an attacker with
sensitive kernel information.


* CVE-2018-11506: Out-of-bounds stack write in SCSI ioctl handler.

An improperly-sized stack buffer was being used to hold ioctl
information. A malicious user could exploit this and potentially
overwrite data on the stack.


* Improved fix for CVE-2017-5753: Speculative execution in posix timers.

The posix timers clock array is vulnerable to a Spectre variant 1
side-channel attack.  An attacker could exploit this flaw to read
arbitrary memory.


* CVE-2018-10940: Information leak when checking if CD-ROM media changed.

A missing check when a user checks if CD-ROM media changed using an
ioctl could lead to an information leak. A local attacker could use this
flaw to leak information about the running kernel and facilitate an
attack.


* CVE-2018-5814: Denial-of-service when registering USB devices using USB/IP.

Locking errors when registering USB devices using USB/IP could lead to a
NULL pointer dereference and a use-after-free. A local attacker could
use this flaw to cause a denial-of-service.


* CVE-2018-12233: Out-of-bounds access using extended attributes with JFS filesystem.

An incorrect size for buffer allocation could lead to an out-of-bounds
access when changing attributes on a JFS file from user space. An
unprivileged user could use this flaw to cause a denial-of-service.


* CVE-2017-18208: Denial-of-service when using madvise system call.

A logic error when using the madvise system call with the WILLNEED
option on a Direct Access filesystem could lead to a deadlock. A local
attacker could use this flaw to cause a denial-of-service.


* CVE-2018-10853: Privilege escalation in guest VM when executing privileged instructions.

A missing check on privilege when executing instructions from guest
userspace could lead to a privilege escalation to guest kernel. A local
attacker could use this flaw to cause a denial-of-service.


* CVE-2018-3665: Information leak in floating point registers.

An information leak from floating point registers when lazy FPU context
switching was performed could allow a malicious local user to gain
access to sensitive information across process boundaries.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.




