[Ksplice][Debian 8.0 Updates] New Ksplice updates for Debian 8.0 Jessie (DLA 1529-1)

Oracle Ksplice ksplice-support_ww at oracle.com
Tue Feb 12 00:36:29 PST 2019


Synopsis: DLA 1529-1 can now be patched using Ksplice
CVEs: CVE-2018-10021 CVE-2018-10323 CVE-2018-10876 CVE-2018-10877 CVE-2018-10878 CVE-2018-10879 CVE-2018-10880 CVE-2018-10881 CVE-2018-10882 CVE-2018-10883 CVE-2018-10902 CVE-2018-13093 CVE-2018-13094 CVE-2018-13405 CVE-2018-13406 CVE-2018-14609 CVE-2018-14617 CVE-2018-14633 CVE-2018-14634 CVE-2018-14678 CVE-2018-14734 CVE-2018-15572 CVE-2018-15594 CVE-2018-16276 CVE-2018-16658 CVE-2018-17182 CVE-2018-3620 CVE-2018-3639 CVE-2018-3646 CVE-2018-5391 CVE-2018-6554 CVE-2018-6555 CVE-2018-7755 CVE-2018-9363 CVE-2018-9516

Systems running Debian 8.0 Jessie can now use Ksplice to patch against
the latest Debian kernel update, DLA 1529-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Debian 8.0
Jessie install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
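As an added example (not part of this advisory and not Oracle's tooling), the following script automates the two cases above: it checks whether "autoinstall = yes" is set in /etc/uptrack/uptrack.conf, runs uptrack-upgrade -y if it is not, and then compares the advisory's CVE list against what uptrack-show reports as installed. It assumes that uptrack-show lives in /usr/sbin and prints the CVE identifiers of installed updates in its output; only a subset of the advisory's CVEs is embedded, and the uptrack-show output used for testing is constructed.

```shell
#!/bin/sh
# Added example, not Oracle's code: apply and verify a Ksplice update on
# Debian 8.0 Jessie. Assumption: `uptrack-show` mentions the CVE ids of
# the updates it has installed, so their presence can be grepped for.

UPTRACK_CONF="${UPTRACK_CONF:-/etc/uptrack/uptrack.conf}"
UPTRACK_UPGRADE="${UPTRACK_UPGRADE:-/usr/sbin/uptrack-upgrade}"
UPTRACK_SHOW="${UPTRACK_SHOW:-/usr/sbin/uptrack-show}"

# Subset of the "CVEs:" header of DLA 1529-1; paste the full list in practice.
ADVISORY_CVES="CVE-2018-3639 CVE-2018-3620 CVE-2018-3646"
ADVISORY_CVES="$ADVISORY_CVES CVE-2018-14634 CVE-2018-17182 CVE-2018-5391"

# autoinstall_enabled CONF
# Exit 0 when CONF contains "autoinstall = yes" (or true/1), ignoring
# comment lines, whitespace and case. A missing key or file counts as off.
autoinstall_enabled() {
    conf="$1"
    [ -r "$conf" ] || return 1
    val=$(sed -n \
        's/^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*\([^[:space:];#]*\).*/\1/p' \
        "$conf" | tail -n 1 | tr '[:upper:]' '[:lower:]')
    case "$val" in
        yes|true|1) return 0 ;;
        *)          return 1 ;;
    esac
}

# missing_cves "CVE-... CVE-..."   (uptrack-show output on stdin)
# Prints, one per line, the CVEs from the list that are absent from the
# output. Exit 0 if nothing is missing, 1 otherwise.
missing_cves() {
    shown=$(cat)
    missing=0
    for cve in $1; do
        # Require a non-digit (or end of line) after the id so that
        # CVE-2018-3639 does not match CVE-2018-36390.
        if ! printf '%s\n' "$shown" | grep -Eq "${cve}([^0-9]|$)"; then
            echo "$cve"
            missing=$((missing + 1))
        fi
    done
    [ "$missing" -eq 0 ]
}

main() {
    if autoinstall_enabled "$UPTRACK_CONF"; then
        echo "autoinstall is on; Uptrack applies DLA 1529-1 on its own."
    else
        echo "autoinstall is off; applying updates now."
        "$UPTRACK_UPGRADE" -y || { echo "uptrack-upgrade failed" >&2; exit 1; }
    fi
    if miss=$("$UPTRACK_SHOW" | missing_cves "$ADVISORY_CVES"); then
        echo "all listed advisory CVEs are present in uptrack-show output"
    else
        echo "not yet patched by Ksplice:" >&2
        echo "$miss" >&2
        exit 2
    fi
}

# Only run main when asked, so the functions can be sourced and tested.
if [ "${RUN_MAIN:-0}" = 1 ]; then main "$@"; fi
```

Run it as root with RUN_MAIN=1; a non-zero exit means either the upgrade failed or at least one advisory CVE is still unpatched, which is the signal to check `uptrack-show` by hand.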


DESCRIPTION

* CVE-2018-15572: Information leak in context switches (SpectreRSB).

Missing return stack buffer (RSB) fills on context switch on some CPU
families could allow one process to leak information from another via a
Spectre v2 style attack.


* CVE-2018-9363: Remote code execution in Bluetooth HIDP driver.

An integer overflow in the Bluetooth HIDP driver's report processing
could result in a buffer overflow and memory corruption.  A remote
attacker within Bluetooth range could use this flaw to trigger a denial
of service or potentially gain code execution.


* CVE-2018-10021: Denial-of-service in SAS device abort and failover.

Incorrect error handling when aborting or failing over a SAS device
could result in resource starvation and IO hangs.  A physically present
malicious user could use this flaw to cause a denial of service.


* CVE-2018-10323: NULL pointer dereference when converting extents-format to B+tree in XFS filesystem.

A logic error when converting extents-format to B+tree in XFS filesystem
could lead to a NULL pointer dereference. A local attacker could use
this flaw with a crafted XFS image to cause a denial-of-service.


* CVE-2018-10876: Use-after-free when removing space in ext4 filesystem.

A logic error when removing space in ext4 filesystem could lead to a
use-after-free. A local attacker could use this flaw with a crafted ext4
image to cause a denial-of-service.


* CVE-2018-10877: Out-of-bounds access when using corrupted ext4 filesystem with abnormal extent tree.

A missing check when using corrupted ext4 filesystem with abnormal
extent tree could lead to an out-of-bounds access. A local attacker
could use this flaw with a crafted ext4 image to cause a
denial-of-service.


* CVE-2018-10878: Out-of-bounds access when initializing ext4 block bitmap.

A logic error when initializing ext4 block bitmap could lead to an
out-of-bounds access. A local attacker could use this flaw with a
crafted ext4 image to cause a denial-of-service.


* CVE-2018-10879: Use-after-free when setting extended attribute entry on ext4 filesystem.

A logic error when setting extended attribute entry on ext4 filesystem
could lead to a use-after-free. A local attacker could use this flaw
with a crafted ext4 filesystem to cause a denial-of-service.


* CVE-2018-10880: Out-of-bounds access when making inode space in ext4 filesystem.

A logic error when making inode space in ext4 filesystem could lead to
an out-of-bounds access. A local attacker could use this flaw with a
crafted ext4 image to cause a denial-of-service.


* CVE-2018-10881: Data corruption when using indirect blocks with ext4 filesystem.

A missing data zeroing when using indirect blocks with ext4 filesystem
could lead to data corruption or a kernel assert. A local attacker could
use this flaw to cause a denial-of-service.


* CVE-2018-10882: Out-of-bounds access when unmounting a crafted ext4 filesystem.

A logic error when unmounting a crafted ext4 filesystem could lead to an
out-of-bounds access. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2018-10883: Out-of-bounds access in ext4 block journal handling.

A logic error in ext4 block journal handling could lead to an
out-of-bounds access. A local attacker could use this flaw with a
crafted ext4 filesystem to cause a denial-of-service.


* CVE-2018-13405: Privilege escalation when creating setgid files in SGID directories.

A file created in a directory with the setgid bit inherits the
directory's group.  The kernel failed to clear the setgid bit on the new
file when the creating user was not a member of that group, so an
unprivileged local user could create a setgid executable owned by a
privileged group and run it to gain that group's privileges.


* CVE-2018-14734: Use-after-free in Infiniband leave_multicast function.

A race condition in the infiniband code could allow the leave_multicast
function to use a structure that was allocated but subsequently freed in
the process_join function, leading to memory corruption and possible system
crash.


* CVE-2018-16276: Privilege escalation in USB Yurex read handler.

A bounds-checking error in the USB Yurex driver's read handler could
allow the driver to copy data outside the bounds of the buffer supplied
by the caller, potentially leading to memory corruption or privilege
escalation for a local user with access to the device.


* CVE-2018-10902: Denial-of-service in ALSA rawmidi ioctl.

Race conditions in the SNDRV_RAWMIDI_IOCTL_PARAMS ioctl handler could
cause the rawmidi buffer to be reallocated concurrently, corrupting
kernel memory.  A local user could exploit this to cause a
denial-of-service.


* CVE-2018-16658: Information leak in CD-ROM status ioctl.

An incorrect bounds check in the CD-ROM driver could allow an
out-of-bounds access and kernel information leak to an unprivileged
user.


* CVE-2018-13406: Denial-of-service due to integer overflow in the uvesafb (VBE 2.0+) framebuffer driver.

Failing to validate the size and number of entries of a colormap passed
to the uvesafb driver's setcmap handler could cause an integer overflow
in the allocation size, resulting in an undersized allocation, a heap
overflow and a denial-of-service.


* CVE-2018-14609: NULL pointer dereference in BTRFS relocation cleanup.

A missing NULL pointer check could result in a kernel crash when
mounting a corrupted filesystem.  A user with the ability to mount
filesystems could use this flaw to crash the system with a maliciously
crafted image.


* CVE-2018-14617: Denial-of-service in HFS+ filesystem mounting.

A logic error when mounting an HFS+ filesystem could result in a NULL
pointer dereference and kernel crash.  A local user with the ability to
mount filesystems could use this flaw to crash the system with a
maliciously crafted filesystem image.


* CVE-2018-13094: NULL-pointer dereference when shrinking xfs inode.

When attempting to shrink an xfs inode for a file with corrupted
extended attributes, the non-existent attribute buffer might be
dereferenced, resulting in a denial-of-service.


* CVE-2018-6554: Denial-of-service in IRDA socket binding.

Repeated calls to bind() on an IRDA socket could cause a memory leak
resulting in a denial of service by a local, unprivileged user.


* CVE-2018-6555: Privilege escalation in IRDA setsockopt().

Missing liveness checks could result in a use-after-free when performing
setsockopt() on an IRDA socket.  A local, unprivileged user could use
this flaw to corrupt kernel memory and potentially escalate privileges.


* CVE-2018-7755: Information leak through floppy disk driver ioctl.

A logic error in the floppy disk driver's FDGETPRM ioctl could leak a
kernel address to userspace.  A local attacker could use this flaw to
learn the address of the running kernel and facilitate further attacks.


* CVE-2018-9516: Denial-of-service in HID debugfs events.

A missing bounds check in the HID subsystem's debugfs event reader
(hid_debug_events_read) could result in an out-of-bounds access and
kernel crash.  Reading the debugfs file requires a privileged user.


* CVE-2018-14633: Information leak in iSCSI CHAP authentication.

A stack buffer overflow in the iSCSI target's CHAP authentication MD5
computation could result in an out-of-bounds access and a denial of
service, or potentially leak sensitive data.  The flaw is reachable by an
unauthenticated remote user.


* CVE-2018-14634: Privilege escalation in ELF executables.

An integer overflow in the argument setup for a new ELF executable could
result in attacker controlled corruption of the user stack when
executing a SUID binary.  A local, unprivileged user could use this flaw
to gain superuser privileges.


* CVE-2018-5391: Remote denial-of-service in IP fragment handling.

A remote attacker could send a stream of specially crafted IP fragments
that make fragment reassembly consume excessive CPU, starving IP
processing on the system and causing loss of connectivity.


* CVE-2018-14678: Privilege escalation in Xen PV guests.

Incorrect register accounting during paravirtualized failsafe callbacks
could result in the use of uninitialized memory and a kernel crash or
potentially escalation of privileges in a paravirtualized guest.


* Note: Oracle will not be providing a zero downtime update for CVE-2018-15594

CVE-2018-15594 is a Spectre v2 leak in paravirt kernels.  This impacts
Xen and KVM VM guest kernels where retpoline is used as the Spectre v2
mitigation.  Enabling IBRS for Spectre v2 mitigation or upgrading to a
newer kernel mitigates CVE-2018-15594.


* CVE-2018-13093: NULL-pointer dereference when reusing inodes in xfs.

If an XFS filesystem becomes corrupted, the local inode cache might
attempt to re-allocate in-use inodes. This can result in a deadlock or
NULL-pointer dereference and denial-of-service.


* CVE-2018-17182: Privilege escalation in VMA cache flushing.

A failure to invalidate the per-thread VMA cache when its 32-bit
sequence number overflowed and wrapped could result in a use-after-free
of a VMA.  An unprivileged local user could use this flaw to escalate
privileges.


* CVE-2018-3639: Speculative Store Bypass information leak.

A hardware sidechannel with speculative stores could allow a malicious,
unprivileged user to leak the contents of privileged memory.

This update enables the speculative store bypass mitigation by default
when supported microcode is loaded and can be manually enabled/disabled
by writing 1/0 to /proc/sys/vm/ksplice_ssbd_control.  The
/proc/sys/vm/ksplice_ssbd_status file reports the current mitigation
status.
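As an added example (not part of the advisory and not Oracle's code), the following script verifies the mitigation state after this update: it prints the ksplice_ssbd_status file named above, lets you flip ksplice_ssbd_control only to the documented values 0 and 1, and classifies the kernel's own reports in /sys/devices/system/cpu/vulnerabilities/ ("Not affected", "Vulnerable", "Mitigation: ..."). The format of ksplice_ssbd_status is not documented here, so it is shown verbatim rather than interpreted. The first argument of every function is a root prefix so the same functions can be run against a constructed directory tree; the tree used for testing is constructed.

```shell
#!/bin/sh
# Added example, not Oracle's code: report and toggle the Ksplice SSBD
# mitigation and summarise the kernel's hardware side-channel reports.
# ROOT is "" on a live system; a prefix such as /tmp/fake for testing.

# vuln_state ROOT NAME
# Classifies ROOT/sys/devices/system/cpu/vulnerabilities/NAME into
# not-affected | mitigated | vulnerable | unknown. A missing file means
# the kernel predates the sysfs reporting (the case on a stock Jessie
# kernel), which is reported as unknown rather than as safe.
vuln_state() {
    f="$1/sys/devices/system/cpu/vulnerabilities/$2"
    [ -r "$f" ] || { echo unknown; return 0; }
    case "$(cat "$f")" in
        "Not affected"*) echo not-affected ;;
        "Mitigation:"*)  echo mitigated ;;
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# ssbd_report ROOT
# Prints the Ksplice SSBD status file verbatim; exit 1 if it is absent,
# which usually means the update has not been applied.
ssbd_report() {
    f="$1/proc/sys/vm/ksplice_ssbd_status"
    if [ -r "$f" ]; then
        printf 'ksplice_ssbd_status: %s\n' "$(cat "$f")"
    else
        echo "ksplice_ssbd_status: absent (update not applied?)"
        return 1
    fi
}

# ssbd_set ROOT 0|1
# Writes to ksplice_ssbd_control after validating the value, so a typo
# cannot silently disable the mitigation. Exit 2 on a bad value, 1 if the
# file is not writable (not root, or update missing).
ssbd_set() {
    f="$1/proc/sys/vm/ksplice_ssbd_control"
    case "$2" in
        0|1) ;;
        *) echo "ssbd_set: value must be 0 or 1" >&2; return 2 ;;
    esac
    [ -w "$f" ] || { echo "ssbd_set: $f not writable" >&2; return 1; }
    printf '%s\n' "$2" > "$f"
}

# summary ROOT
# Prints one line per item; exit 1 if SSBD status is absent or any
# sysfs entry reports Vulnerable.
summary() {
    rc=0
    ssbd_report "$1" || rc=1
    for v in spec_store_bypass l1tf spectre_v2 spectre_v1 meltdown; do
        s=$(vuln_state "$1" "$v")
        printf '%-18s %s\n' "$v" "$s"
        [ "$s" = vulnerable ] && rc=1
    done
    return $rc
}

# Only run on request so the functions can be sourced and tested.
if [ "${RUN_MAIN:-0}" = 1 ]; then summary ""; fi
```

On a live system run `RUN_MAIN=1 sh check-ssbd.sh` as root; `ssbd_set "" 0` followed by `ssbd_set "" 1` exercises the control file the advisory describes, and the exit status of `summary ""` is suitable for a monitoring check.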


* CVE-2018-3620, CVE-2018-3646: Information leak in Intel CPUs under L1 terminal fault (L1TF) (x86_64 only).

A flaw in terminal fault handling on Intel CPUs allows speculative reads
through the L1 data cache, leaking information across privilege
boundaries, including between processes on a system (CVE-2018-3620) and
between virtual machines (CVE-2018-3646).

NOTE: this update is only effective on x86_64 kernels; 32-bit kernels
are not covered.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.
