[Ksplice][Debian 9.0 Updates] New Ksplice updates for Debian 9.0 Stretch (4.9.65-3)
Oracle Ksplice
ksplice-support_ww at oracle.com
Mon Dec 11 13:05:52 PST 2017
Synopsis: 4.9.65-3 can now be patched using Ksplice
CVEs: CVE-2016-7097 CVE-2017-0786 CVE-2017-1000405 CVE-2017-12188 CVE-2017-12190 CVE-2017-12192 CVE-2017-12193 CVE-2017-13080 CVE-2017-14991 CVE-2017-15115 CVE-2017-15265 CVE-2017-15299 CVE-2017-15537 CVE-2017-15649 CVE-2017-15951 CVE-2017-16525 CVE-2017-16526 CVE-2017-16527 CVE-2017-16528 CVE-2017-16529 CVE-2017-16530 CVE-2017-16531 CVE-2017-16532 CVE-2017-16533 CVE-2017-16534 CVE-2017-16535 CVE-2017-16536 CVE-2017-16537 CVE-2017-16643 CVE-2017-16645 CVE-2017-16646 CVE-2017-16647 CVE-2017-16649 CVE-2017-16650 CVE-2017-16939 CVE-2017-16994
Systems running Debian 9.0 Stretch can now use Ksplice to patch
against the latest Debian kernel update, 4.9.65-3.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running Debian 9.0
Stretch install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
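The two installation paths above (automatic when autoinstall is on, manual otherwise) can be folded into one idempotent check that is safe to run from configuration management on every Debian 9.0 Stretch host. The script below is an added example, not part of the Ksplice advisory or the Uptrack tooling: the key name "autoinstall = yes" and the path /usr/sbin/uptrack-upgrade are taken from the advisory text, while the function names, the treatment of comment lines and case in the config value, the "--run" flag and the file name ksplice-check.sh are our own choices.

```shell
#!/bin/sh
# Added example (not from the Ksplice advisory): decide whether a host still
# needs the manual "uptrack-upgrade -y" step, based on the autoinstall
# setting in uptrack.conf. Function names and the "--run" flag are ours;
# the key name and /usr/sbin/uptrack-upgrade come from the advisory text.

# autoinstall_enabled CONF
#   Returns 0 when CONF contains an active (uncommented) line of the form
#   "autoinstall = yes" (value compared case-insensitively, surrounding
#   whitespace and a trailing "#"/";" comment ignored), 1 otherwise or when
#   CONF is unreadable. Commented-out lines must not count.
autoinstall_enabled() {
    conf="$1"
    [ -r "$conf" ] || return 1
    awk '
        /^[ \t]*[#;]/ { next }                      # skip comment lines
        /^[ \t]*autoinstall[ \t]*=/ {
            val = $0
            sub(/^[^=]*=[ \t]*/, "", val)           # drop "autoinstall ="
            sub(/[ \t]*[#;].*$/, "", val)           # drop trailing comment
            sub(/[ \t]+$/, "", val)                 # drop trailing blanks
            if (tolower(val) == "yes") found = 1
        }
        END { exit found ? 0 : 1 }
    ' "$conf"
}

# ensure_patched [CONF]
#   With autoinstall on, Uptrack installs the updates itself and we only
#   report that; otherwise run the manual upgrade from the advisory and
#   return its exit status. CONF defaults to the stock path.
ensure_patched() {
    conf="${1:-/etc/uptrack/uptrack.conf}"
    if autoinstall_enabled "$conf"; then
        echo "autoinstall is on in $conf: updates install automatically"
        return 0
    fi
    echo "autoinstall is off in $conf: running uptrack-upgrade -y"
    /usr/sbin/uptrack-upgrade -y
}

# Only act when invoked as "sh ksplice-check.sh --run [CONF]"; sourcing the
# file merely defines the functions.
if [ "${1-}" = "--run" ]; then
    ensure_patched "${2-}"
fi
```

Run it as root with `sh ksplice-check.sh --run`; on hosts where autoinstall is on it exits 0 without touching anything, so it can be scheduled fleet-wide without double-installing. The parser is deliberately stricter than a simple grep: a commented-out "# autoinstall = yes" is not treated as enabled, which is the mistake that leaves a host silently unpatched.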
DESCRIPTION
* CVE-2016-7097: Permission bypass in OrangeFS when setting POSIX ACLs.
A logic error when setting POSIX ACLs in the OrangeFS filesystem leaves
the set-group-ID bit in place when it should be cleared. A local,
unprivileged user could use this flaw to escalate privileges.
* CVE-2017-14991: Information leak in SCSI Generic Support driver.
A buffer is not initialized when handling the SG_GET_REQUEST_TABLE ioctl
on a SCSI generic device such as /dev/sg0, so stale kernel data is copied
to userspace. A local user could use this flaw to obtain sensitive
information from kernel heap memory.
* CVE-2017-12192: Denial-of-service when reading a negatively instantiated key.
An invalid memory access when reading a key in the negative state from the
kernel key management facility results in a crash. An unprivileged local
user can exploit this to cause a denial-of-service.
* CVE-2017-15537: Information disclosure in FPU restoration after signal.
A failure to correctly handle an error case can result in a warning
being displayed and FPU information from another process being leaked. A
local user could use this flaw to facilitate a further attack.
* CVE-2017-16529: Out-of-bounds access due to corrupted buffer parsing in USB audio.
A failure to validate buffer descriptors from a USB audio device can
result in an out-of-bounds memory access.
* CVE-2017-16530: Out-of-bounds access in USB alternate setting enumeration.
A failure to correctly validate USB alternate information from a USB
device can result in an out-of-bounds memory access.
* CVE-2017-16534: Out-of-bounds access in USB CDC header parsing.
A failure to correctly validate a CDC header can result in an
out-of-bounds memory access.
* CVE-2017-16531: Out-of-bounds access in USB configuration parsing.
A failure to correctly validate a USB interface association description
can result in an out-of-bounds memory access.
* CVE-2017-16526: Denial-of-service in failed launch of UWB daemon.
A failure to handle an error case when launching the UWB management
daemon can result in an invalid pointer dereference leading to a kernel
crash.
* CVE-2017-15649: Privilege escalation using the PACKET_FANOUT socket option.
A locking error when using the PACKET_FANOUT socket option could lead to a
race condition. A local attacker could use this flaw, via a crafted
sequence of socket operations, to escalate privileges.
* CVE-2017-16533: Out-of-bounds access during parsing of Human Interface Device information.
A failure to validate information supplied by a USB device can result in
an out-of-bounds memory write, leading to undefined behaviour.
* CVE-2017-16527: Use-after-free when creating mixer for USB Audio device.
An error-path bug when creating a mixer for a USB audio device could lead
to a use-after-free. A local attacker could use a crafted USB audio device
to cause a denial-of-service.
* CVE-2017-15265: Use-after-free in ALSA seq port creation.
A failure to take a reference count during creation of an ALSA sequencer
port can result in a use-after-free. A local user could use this flaw to
escalate privileges.
* CVE-2017-12190: Denial-of-service in block I/O page merging.
A failure to decrement a reference count when merging block I/O pages
can result in a memory leak. A local user could use this flaw to cause a
denial-of-service.
* CVE-2017-16535: Out-of-bounds memory access when reading USB descriptors.
A missing check when reading USB descriptors could lead to an
out-of-bounds access. A local attacker could use this flaw to cause a
denial-of-service.
* CVE-2017-15299: Denial-of-service in uninstantiated key configuration.
A failure to check whether or not a key is instantiated before
performing operations on it can result in a NULL pointer dereference,
leading to a kernel crash. A local user could use this flaw to cause a
denial-of-service.
* CVE-2017-15951: Denial-of-service when requesting a key in negative state.
Missing locking when requesting an already created key in the negative
state could lead to a race condition. A local attacker could use this
flaw to cause a denial-of-service.
* CVE-2017-12193: Denial-of-service in generic associative array implementation.
A logic error when inserting a new entry into an associative array can
result in a NULL pointer dereference, leading to a kernel crash. A local
user could use this flaw to cause a denial-of-service.
* CVE-2017-16532: NULL pointer dereference when running USB tests with a crafted USB device.
A missing check when running USB tests against a USB device that exposes
an invalid endpoint configuration could lead to a NULL pointer
dereference. A local attacker could use this flaw to cause a
denial-of-service.
* CVE-2017-16528: Use-after-free when unbinding a MIDI sequencer device.
A failure to cancel pending work-queue items when unbinding a MIDI
sequencer device could lead to a use-after-free. A local attacker could
use this flaw to cause a denial-of-service.
* CVE-2017-15115: Use-after-free in SCTP peel off operation inside network namespace.
A logic error when performing an SCTP peel off operation from a network
namespace can result in an incorrect free, leading to a subsequent
use-after-free. A local user could use this flaw to cause a
denial-of-service, or potentially escalate privileges.
* CVE-2017-16994: Information leak when using mincore system call.
A logic error in the handling of hugetlb mappings by the mincore system
call could lead to an information leak. A local attacker could use this
flaw to learn information about the running kernel and facilitate a
further attack.
* CVE-2017-0786: Privilege escalation in Broadcom Wi-Fi driver.
A failure to validate the results of a scan could result in kernel
memory corruption. A remote attacker could use this flaw to escalate
privileges.
* CVE-2017-16525: Use-after-free in USB serial console setup failure.
A failure to handle an error case during USB serial console setup can lead to
a use-after-free.
* CVE-2017-12188: Out-of-bounds memory access during KVM page table walk.
A logic error in the page table management of KVM guests can result in
an out-of-bounds memory access. A guest virtual machine could use this
flaw to crash the host or potentially execute malicious code with host
privileges.
* CVE-2017-16643: Out-of-bounds access in GTCO CalComp/InterWrite USB tablet HID parsing.
A validation failure when parsing a HID report from a GTCO
CalComp/InterWrite USB tablet can result in an out-of-bounds memory
access. A user with physical access to a system could use this flaw to
cause undefined behaviour or potentially escalate privileges.
* CVE-2017-16939: Denial-of-service in IPsec transform policy netlink dump.
A failure to handle an error case when dumping IPsec transform
information via netlink can result in a kernel crash. A local user with
the ability to administer an IPsec tunnel could use this flaw to cause a
denial-of-service.
* CVE-2017-13080: Key Reinstallation Attacks (KRACK) on WPA2 protocol.
A weakness in the four-way handshake of the WPA2 protocol allows an
attacker within radio range to force the reuse of a nonce. This could
allow the attacker to eavesdrop on encrypted communications as well as
inject and manipulate data in a Wi-Fi stream.
* CVE-2017-16645: Out-of-bounds access when using IMS Passenger Control Unit Devices.
A missing check when using IMS Passenger Control Unit Devices could
lead to an out-of-bounds access. A local attacker could use this flaw to
cause a denial-of-service.
* CVE-2017-16537: NULL pointer dereference when registering SoundGraph iMON Receiver and Display driver.
A missing check when registering SoundGraph iMON Receiver and Display
driver could lead to a NULL pointer dereference. A local attacker could
use this flaw to cause a denial-of-service.
* CVE-2017-16646: Denial-of-service when using DiBcom DiB0700 USB DVB devices.
Logic errors when using DiBcom DiB0700 USB DVB devices could lead to a
kernel panic. A local attacker could use this flaw to cause a
denial-of-service.
* CVE-2017-16649: Divide by zero when binding a network USB device.
A logic error when binding a network USB device could lead to a divide
by zero error. A local attacker could use this flaw to cause a
denial-of-service.
* CVE-2017-16650: Divide by zero error when binding a QMI WWAN USB device.
A missing check when binding a QMI WWAN network USB device could lead to
a divide by zero error. A local attacker could use this flaw to cause a
denial-of-service.
* CVE-2017-16647: NULL pointer dereference when suspending an ASIX AX88xxx Based USB 2.0 Ethernet Adapter.
A missing check when suspending an ASIX AX88xxx Based USB 2.0 Ethernet
Adapter could lead to a NULL pointer dereference. A local attacker could
use this flaw to cause a denial-of-service.
* CVE-2017-16536: NULL pointer dereference when registering a Conexant cx231xx USB video device.
A missing check when probing a Conexant cx231xx USB video device could
lead to a NULL pointer dereference. A local attacker could use a crafted
USB device to cause a denial-of-service.
* CVE-2017-1000405: Privilege escalation when writing into a Transparent Huge Page.
A logic error in internal Transparent Huge Page handling of the kernel
could let an attacker overwrite read-only data and escalate privileges.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.
More information about the Ksplice-Debian-9.0-Updates mailing list