[Ksplice][Debian 9.0 Updates] New Ksplice updates for Debian 9.0 Stretch (DSA-4073-1)
Oracle Ksplice
ksplice-support_ww at oracle.com
Sun Dec 24 13:33:27 PST 2017
Synopsis: DSA-4073-1 can now be patched using Ksplice
CVEs: CVE-2017-1000407 CVE-2017-1000410 CVE-2017-16538 CVE-2017-16644 CVE-2017-16995 CVE-2017-17448 CVE-2017-17449 CVE-2017-17450 CVE-2017-17558 CVE-2017-17712 CVE-2017-17741 CVE-2017-17805 CVE-2017-17806 CVE-2017-17807 CVE-2017-17862 CVE-2017-17863 CVE-2017-17864 CVE-2017-8824
Systems running Debian 9.0 Stretch can now use Ksplice to patch
against the latest Debian Security Advisory, DSA-4073-1.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running Debian 9.0
Stretch install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
DESCRIPTION
* CVE-2017-8824: Privilege escalation when calling connect() on a DCCP socket.
Calling the connect() system call on a DCCP socket that is in the
DCCP_LISTEN state did not correctly tear down the listening state, which
could lead to a use-after-free. A local attacker could use this flaw to
escalate privileges.
* CVE-2017-16538: Denial-of-service in the DVB-USB LME2510 driver.
A missing warm-start check and incorrect attach timing could allow a user
with physical access and a crafted USB device to cause a denial of service
(general protection fault and system crash) or possibly have unspecified
other impact.
* CVE-2017-17448: Missing capability check in nfnetlink_cthelper.
net/netfilter/nfnetlink_cthelper.c in the Linux kernel through 4.14.4
does not require the CAP_NET_ADMIN capability for new, get, and del
operations, which allows local users to bypass intended access
restrictions because the nfnl_cthelper_list data structure is shared
across all net namespaces.
* CVE-2017-17449: Missing namespace restriction in netlink monitoring.
Netlink monitoring (nlmon, CONFIG_NLMON) is not restricted to the local
network namespace, so an nlmon interface can be used to observe netlink
messages from every namespace on the system.
* CVE-2017-17450: Missing capability check in netfilter xt_osf.
A missing CAP_NET_ADMIN check in the netfilter xt_osf code allows a local
user who has created an unprivileged user and net namespace to add and
remove OS fingerprint entries, which are shared across all net namespaces.
* CVE-2017-17558: Buffer overrun in USB core via unchecked bNumInterfaces.
Failing to sanitize the bNumInterfaces field in a USB configuration
descriptor could allow a malicious device to trigger an out-of-bounds write
when the configuration is released, causing a denial of service or possibly
memory corruption.
* CVE-2017-17807: Permission bypass when requesting a key on the default keyring.
When request_key() is called with no destination keyring specified, the
requested key is constructed and added to the default keyring even if the
caller does not have write permission on that keyring.
* CVE-2017-1000407: Denial-of-service from KVM guest on Intel processors.
A KVM guest on Intel VMX processors could flood the I/O port 0x80 with
write requests, leading to a host crash. An attacker could use this flaw
to cause a host denial-of-service from the guest.
* CVE-2017-17862: Denial-of-service in BPF verifier.
Failure to verify unreachable code could result in a denial-of-service
when performing JIT compilation of a BPF program. A local, unprivileged
user could use this flaw to crash the system.
* CVE-2017-17863: Privilege escalation in BPF verification.
Incorrect modeling of pointer arithmetic with the stack pointer could
result in an out-of-bounds access. A local, unprivileged user could use
this flaw to execute code.
* CVE-2017-16995: Privilege escalation in BPF 32-bit loads.
Incorrect sign extension of 32-bit loads could allow a local,
unprivileged user to execute arbitrary code and escalate privileges.
* CVE-2017-17864: Information leak in BPF conditional verification.
Invalid equality checks when comparing values when verifying a BPF
program could allow a local, unprivileged user to leak the contents of
kernel memory.
* CVE-2017-16644: Denial-of-service in Hauppauge HD PVR driver.
Incorrect error handling during device probe for a Hauppauge HD PVR
device could result in a kernel crash. A user with physical access to
the system and a malicious device could use this flaw to crash the
system.
* CVE-2017-17712: Information leak in raw IPv4 socket sendmsg().
A race condition in raw_sendmsg() for IPv4 raw sockets could allow a local
user to leak the contents of uninitialized kernel stack memory.
* CVE-2017-17805: Denial-of-service in Salsa20 block cipher.
Incorrect handling of zero-length inputs in the Salsa20 implementation could
result in freeing uninitialized memory and a kernel crash. A local,
unprivileged user with access to the AF_ALG skcipher interface could use
this flaw to crash the system, or potentially, escalate privileges.
* CVE-2017-17806: Denial-of-service in HMAC algorithms.
The HMAC implementation did not verify that the underlying hash algorithm is
unkeyed, so instantiating HMAC over an unsuitable hash (for example a keyed
or SHA-3 variant) could result in a stack buffer overflow. A local,
unprivileged user with access to the AF_ALG hash interface could use this
flaw to crash the system, or potentially, escalate privileges.
* CVE-2017-1000410: Information leak in Bluetooth L2CAP messages.
Incorrect handling of short EFS elements in an L2CAP configuration message
could allow a remote attacker within Bluetooth range to leak the contents of
kernel memory.
* CVE-2017-17741: Denial-of-service in kvm_mmio tracepoint.
An out-of-bounds access in the kvm_mmio tracepoint could result in a
kernel crash. A malicious guest could use this flaw to crash the
virtualization host.
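As an added example that is not part of this advisory or of the Ksplice tooling, the following POSIX shell script covers the verification step an administrator would want after INSTALLING THE UPDATES, together with the caveat that goes with the four BPF verifier entries (CVE-2017-16995, CVE-2017-17862, CVE-2017-17863, CVE-2017-17864): it checks that every CVE listed in the advisory header appears in the installed-update list, and that unprivileged bpf() is switched off through the kernel.unprivileged_bpf_disabled sysctl, which removes that attack surface for callers without CAP_SYS_ADMIN but is a hardening measure, not a substitute for the patches. The command uptrack-show and the sysctl are real; the assumption that uptrack-show names each CVE in its output, and the sample update list below, are constructed for the example.

```sh
#!/bin/sh
# Added example for this advisory, not Ksplice or Debian code. Two checks an
# administrator would run after `uptrack-upgrade -y`:
#   1. every CVE named in DSA-4073-1 occurs in the installed-update list
#      (assumed: `uptrack-show` mentions the CVE id of each update; the
#      sample text below is constructed, not real tool output);
#   2. unprivileged bpf() is disabled via kernel.unprivileged_bpf_disabled,
#      which removes the unprivileged attack surface of the verifier CVEs
#      (hardening only; it does not replace the patches).

# CVE list copied from the advisory header, in advisory order.
DSA_4073_1_CVES="CVE-2017-1000407 CVE-2017-1000410 CVE-2017-16538 \
CVE-2017-16644 CVE-2017-16995 CVE-2017-17448 CVE-2017-17449 CVE-2017-17450 \
CVE-2017-17558 CVE-2017-17712 CVE-2017-17741 CVE-2017-17805 CVE-2017-17806 \
CVE-2017-17807 CVE-2017-17862 CVE-2017-17863 CVE-2017-17864 CVE-2017-8824"

# missing_cves TEXT: print the advisory CVEs that do not occur in TEXT as
# whole words, space-separated, in advisory order; exit 0 if none is missing.
# grep -w prevents CVE-2017-1786 style prefixes from matching a longer id.
missing_cves() {
    missing=""
    for cve in $DSA_4073_1_CVES; do
        if ! printf '%s\n' "$1" | grep -qwF -- "$cve"; then
            missing="$missing $cve"
        fi
    done
    printf '%s\n' "${missing# }"
    [ -z "$missing" ]
}

# unprivileged_bpf_disabled FILE: exit 0 when the sysctl file holds a nonzero
# value, 1 when it holds 0 (bpf() open to all users), 2 when it cannot be
# read. The live file is /proc/sys/kernel/unprivileged_bpf_disabled; taking
# the path as a parameter lets the function be exercised against a copy.
unprivileged_bpf_disabled() {
    [ -r "$1" ] || return 2
    case "$(tr -d '[:space:]' < "$1")" in
        0|'') return 1 ;;
        *)    return 0 ;;
    esac
}

# Constructed sample in the shape assumed for `uptrack-show` output: one
# installed update per line, each naming its CVE. Two advisory CVEs
# (CVE-2017-16995 and CVE-2017-8824) are deliberately absent.
SAMPLE_PARTIAL='Installed updates:
[abcd1201] CVE-2017-1000407: Denial-of-service from KVM guest on Intel processors.
[abcd1202] CVE-2017-1000410: Information leak in Bluetooth L2CAP messages.
[abcd1203] CVE-2017-16538: Denial-of-service in the DVB-USB LME2510 driver.
[abcd1204] CVE-2017-16644: Denial-of-service in Hauppauge HD PVR driver.
[abcd1206] CVE-2017-17448: Missing capability check in nfnetlink_cthelper.
[abcd1207] CVE-2017-17449: Missing namespace restriction in netlink monitoring.
[abcd1208] CVE-2017-17450: Missing capability check in netfilter xt_osf.
[abcd1209] CVE-2017-17558: Buffer overrun in USB core via unchecked bNumInterfaces.
[abcd1210] CVE-2017-17712: Information leak in raw IPv4 socket sendmsg().
[abcd1211] CVE-2017-17741: Denial-of-service in kvm_mmio tracepoint.
[abcd1212] CVE-2017-17805: Denial-of-service in Salsa20 block cipher.
[abcd1213] CVE-2017-17806: Denial-of-service in HMAC algorithms.
[abcd1214] CVE-2017-17807: Permission bypass when requesting a key on the default keyring.
[abcd1215] CVE-2017-17862: Denial-of-service in BPF verifier.
[abcd1216] CVE-2017-17863: Privilege escalation in BPF verification.
[abcd1217] CVE-2017-17864: Information leak in BPF conditional verification.'

# Same sample with the two remaining updates present.
SAMPLE_COMPLETE="$SAMPLE_PARTIAL
[abcd1205] CVE-2017-16995: Privilege escalation in BPF 32-bit loads.
[abcd1218] CVE-2017-8824: Privilege escalation when calling connect() on a DCCP socket."

# Stand-alone demonstration on the constructed sample. On a real host the
# calls would be:
#   missing_cves "$(uptrack-show)"
#   unprivileged_bpf_disabled /proc/sys/kernel/unprivileged_bpf_disabled
if not_covered=$(missing_cves "$SAMPLE_PARTIAL"); then
    echo "all DSA-4073-1 CVEs covered"
else
    echo "not yet covered: $not_covered"
fi
```

The `missing_cves` exit status makes the check usable from a monitoring job or a configuration-management run, and the path parameter of `unprivileged_bpf_disabled` means the same function can audit a sysctl snapshot collected from another host. A kernel without the sysctl at all returns 2 rather than silently passing.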
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.