[Ksplice][Debian 9.0 Updates] New Ksplice updates for Debian 9.0 Stretch (4.9.110-1)

Oracle Ksplice ksplice-support_ww at oracle.com
Tue Jul 17 00:30:04 PDT 2018


Synopsis: 4.9.110-1 can now be patched using Ksplice
CVEs: CVE-2017-5753 CVE-2018-1000204 CVE-2018-10021 CVE-2018-10087 CVE-2018-10124 CVE-2018-10853 CVE-2018-10876 CVE-2018-10877 CVE-2018-10878 CVE-2018-10879 CVE-2018-10880 CVE-2018-10881 CVE-2018-10882 CVE-2018-10883 CVE-2018-10940 CVE-2018-1118 CVE-2018-1120 CVE-2018-1130 CVE-2018-11506 CVE-2018-12233 CVE-2018-18255 CVE-2018-3639 CVE-2018-5814

Systems running Debian 9.0 Stretch can now use Ksplice to patch
against the latest Debian kernel update, 4.9.110-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Debian 9.0
Stretch install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2018-3639: Speculative Store Bypass information leak.

A hardware side channel with speculative stores could allow a malicious,
unprivileged user to leak the contents of privileged memory.

This update enables the speculative store bypass mitigation by default
when supported microcode is loaded and can be manually enabled/disabled
by writing 1/0 to /proc/sys/vm/ksplice_ssbd_control.  The
/proc/sys/vm/ksplice_ssbd_status file reports the current mitigation
status.
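A post-update check for the mitigation described above, added here as an example and not part of the Ksplice advisory. It reads the Ksplice control and status files named in this update; the ROOT prefix argument and the constructed fake tree are assumptions so the check can be exercised off a real host.

```shell
#!/bin/sh
# Added example (not from the Ksplice advisory): report the state of the
# Ksplice SSBD mitigation on a Debian 9 host after uptrack-upgrade.
# The first argument is an assumed root prefix so the check can be run
# against a constructed tree; pass "" on a live host to read /proc directly.

# Prints a one-line verdict; returns 0 when the mitigation is enabled,
# 1 when it is explicitly disabled, 2 when the control file is absent
# (the Ksplice update has not been applied) or holds an unexpected value.
ssbd_check() {
    root="${1:-}"
    ctl="$root/proc/sys/vm/ksplice_ssbd_control"
    st="$root/proc/sys/vm/ksplice_ssbd_status"

    if [ ! -r "$ctl" ]; then
        echo "ssbd: $ctl missing - Ksplice 4.9.110-1 updates not applied?"
        return 2
    fi
    ctl_val=$(cat "$ctl")
    # The status file is informational; include it in the verdict if present.
    st_val="n/a"
    [ -r "$st" ] && st_val=$(cat "$st")

    case "$ctl_val" in
        1) echo "ssbd: mitigation enabled (status: $st_val)"; return 0 ;;
        0) echo "ssbd: mitigation DISABLED (status: $st_val)"; return 1 ;;
        *) echo "ssbd: unexpected control value '$ctl_val' (status: $st_val)"; return 2 ;;
    esac
}

# Build a constructed /proc tree under a temp dir so the check can be run
# without a Ksplice host; prints the directory path. The status text is
# constructed sample content, not the real file's format.
make_fake_root() {
    d=$(mktemp -d)
    mkdir -p "$d/proc/sys/vm"
    printf '%s\n' "$1" > "$d/proc/sys/vm/ksplice_ssbd_control"
    printf '%s\n' "$2" > "$d/proc/sys/vm/ksplice_ssbd_status"
    echo "$d"
}

# Usage on a live host: sh ssbd_check.sh --live
case "${1:-}" in --live) ssbd_check "" ;; esac
```

Run it from a configuration-audit job after `uptrack-upgrade -y` so a host whose mitigation was switched off via the control file is flagged rather than silently left exposed.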


* CVE-2018-10124: Denial-of-service when using the kill() syscall with an overly large pid.

A missing check on user input when the kill() syscall is used with a pid
number higher than the integer limit could lead to an overflow. A local
attacker could use this flaw to cause a denial-of-service.


* CVE-2018-1000204: Kernel information leak when performing SG_IO ioctl.

A vulnerability in the SCSI subsystem allows copying uninitialized
kernel memory to userspace. This could provide an attacker with
sensitive kernel information.


* CVE-2018-10021: Denial-of-service in SAS device abort and failover.

Incorrect error handling when aborting or failing over a SAS device
could result in resource starvation and IO hangs.  A physically present
malicious user could use this flaw to cause a denial of service.


* CVE-2018-1120: Denial-of-service when mmapping a specific part of process memory on a slow filesystem.

A missing check when a user mmap()s a specific part of process memory on a
slow filesystem could delay kernel-side access to that part of memory. A
local attacker could use this flaw to cause a denial-of-service.


* CVE-2018-10940: Information leak when checking if CD-ROM media changed.

A missing check when a user checks whether CD-ROM media changed using an
ioctl could lead to an information leak. A local attacker could use this
flaw to leak information about the running kernel and facilitate an attack.


* CVE-2018-1130: Denial-of-service in DCCP message send.

A logic error in the dccp code could lead to a NULL pointer dereference
when transmitting messages, leading to a kernel panic.  An attacker could
use this to cause a denial-of-service.


* CVE-2018-5814: Denial-of-service when registering USB devices using USB/IP.

Locking errors when registering USB devices using USB/IP could lead to a
NULL pointer dereference and a use-after-free. A local attacker could
use this flaw to cause a denial-of-service.


* CVE-2018-10087: Denial-of-service when using the wait() syscall with an overly large pid.

A missing check on user input when the wait() syscall is used with a pid
number higher than the integer limit could lead to an overflow. A local
attacker could use this flaw to cause a denial-of-service.


* CVE-2018-18255: Integer overflow when setting allocated CPU time for perf events.

A missing check on user input when setting allocated CPU time for perf
events could lead to an integer overflow. A local attacker could use
this flaw to cause a denial-of-service.


* CVE-2018-1118: Information leak when creating a new message in the vhost driver.

A missing initialization of a variable passed to user space when
creating a new message in the vhost driver could lead to an information
leak. A local attacker could use this flaw to get information about the
running kernel and facilitate an attack.


* Improved fix for CVE-2017-5753: Bounds-check bypass in USB virtual host controller driver.

A missing use of the indirect call protection macro in the USB virtual
host controller driver could lead to speculative execution. A local
attacker could use this flaw to leak information about the running
system.


* CVE-2018-10853: Privilege escalation in a guest VM when executing privileged instructions.

A missing privilege check when executing instructions from guest
userspace could lead to a privilege escalation to the guest kernel. A local
attacker could use this flaw to cause a denial-of-service.


* CVE-2018-12233: Out-of-bounds access using extended attributes on the JFS filesystem.

An incorrect size for buffer allocation could lead to an out-of-bounds
access when changing attributes on a JFS file from user space. An
unprivileged user could use this flaw to cause a denial-of-service.


* CVE-2018-11506: Out-of-bounds stack write in SCSI ioctl handler.

An improperly-sized stack buffer was being used to hold ioctl
information. A malicious user could exploit this and potentially
overwrite data on the stack.


* CVE-2018-10879: Use-after-free when setting an extended attribute entry on an ext4 filesystem.

A logic error when setting an extended attribute entry on an ext4 filesystem
could lead to a use-after-free. A local attacker could use this flaw
with a crafted ext4 filesystem to cause a denial-of-service.


* CVE-2018-10878: Out-of-bounds access when initializing the ext4 block bitmap.

A logic error when initializing the ext4 block bitmap could lead to an
out-of-bounds access. A local attacker could use this flaw with a
crafted ext4 image to cause a denial-of-service.


* CVE-2018-10876: Use-after-free when removing space in an ext4 filesystem.

A logic error when removing space in an ext4 filesystem could lead to a
use-after-free. A local attacker could use this flaw with a crafted ext4
image to cause a denial-of-service.


* CVE-2018-10877: Out-of-bounds access when using a corrupted ext4 filesystem with an abnormal extent tree.

A missing check when using a corrupted ext4 filesystem with an abnormal
extent tree could lead to an out-of-bounds access. A local attacker
could use this flaw with a crafted ext4 image to cause a
denial-of-service.


* CVE-2018-10881: Data corruption when using indirect blocks with an ext4 filesystem.

Missing data zeroing when using indirect blocks with an ext4 filesystem
could lead to data corruption or a kernel assert. A local attacker could
use this flaw to cause a denial-of-service.


* CVE-2018-10880: Out-of-bounds access when making inode space in an ext4 filesystem.

A logic error when making inode space in an ext4 filesystem could lead to
an out-of-bounds access. A local attacker could use this flaw with a
crafted ext4 image to cause a denial-of-service.


* CVE-2018-10883: Out-of-bounds access in ext4 block journal handling.

A logic error in ext4 block journal handling could lead to an
out-of-bounds access. A local attacker could use this flaw with a
crafted ext4 filesystem to cause a denial-of-service.


* CVE-2018-10882: Out-of-bounds access when unmounting a crafted ext4 filesystem.

A logic error when unmounting a crafted ext4 filesystem could lead to an
out-of-bounds access. A local attacker could use this flaw to cause a
denial-of-service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.
