[Ksplice][Debian 9.0 Updates] New Ksplice updates for Debian 9.0 Stretch (DSA-4188-1)

Gregory Herrero gregory.herrero at oracle.com
Fri May 4 14:13:11 PDT 2018


Synopsis: DSA-4188-1 can now be patched using Ksplice
CVEs: CVE-2017-17975 CVE-2017-18193 CVE-2017-18216 CVE-2017-18224 CVE-2017-18241 CVE-2017-18257 CVE-2018-1000199 CVE-2018-10323 CVE-2018-1065 CVE-2018-1066 CVE-2018-1068 CVE-2018-1092 CVE-2018-1093 CVE-2018-1108 CVE-2018-5803 CVE-2018-7480 CVE-2018-7566 CVE-2018-7740 CVE-2018-7757 CVE-2018-7995 CVE-2018-8087 CVE-2018-8781 CVE-2018-8822

Systems running Debian 9.0 Stretch can now use Ksplice to patch
against the latest Debian Security Advisory, DSA-4188-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Debian 9.0
Stretch install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
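
The check described above, as a shell example (added here; it is not part of Oracle's advisory or of the Uptrack tooling): it reads the "autoinstall" key from uptrack.conf and reports whether the manual command is still needed. Treating only an uncommented value of "yes" (case-insensitive) as enabled, the function names, and the sample config contents are assumptions of this example.

```shell
#!/bin/sh
# Added example, not Oracle's code. Assumption: only an uncommented
# "autoinstall = yes" (case-insensitive) counts as enabled.

# Print "yes" or "no" for the autoinstall setting in the given config file.
uptrack_autoinstall() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    # An unreadable or missing file is reported as "no" so the host gets reviewed.
    [ -r "$conf" ] || { echo "no"; return 0; }
    awk '
        BEGIN { val = "no" }
        /^[ \t]*[#;]/ { next }                 # commented-out keys do not count
        /^[ \t]*autoinstall[ \t]*=/ {
            v = $0
            sub(/^[^=]*=[ \t]*/, "", v)        # drop "autoinstall ="
            sub(/[ \t\r]+$/, "", v)            # drop trailing blanks / CR
            val = (tolower(v) == "yes") ? "yes" : "no"   # last assignment wins
        }
        END { print val }
    ' "$conf"
}

# Map the setting to the action this advisory describes.
uptrack_action() {
    if [ "$(uptrack_autoinstall "$1")" = "yes" ]; then
        echo "autoinstall enabled: no action needed"
    else
        echo "run: /usr/sbin/uptrack-upgrade -y"
    fi
}

# Constructed sample config (not taken from a real host): the commented line
# must be ignored, so this host still needs the manual command.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Settings]
# autoinstall = yes
autoinstall = no
EOF
uptrack_action "$sample"
rm -f "$sample"
```

Called with no argument, both functions read /etc/uptrack/uptrack.conf.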


DESCRIPTION

* CVE-2017-18193: Denial-of-service when handling extent trees in F2FS filesystem.

A logic error when handling extent trees in F2FS filesystem could lead
to a kernel assert. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2018-1000199: Denial-of-service in hardware breakpoints.

Incorrect validation of a ptrace hardware breakpoint could result in
corrupted kernel state. A local, unprivileged user could use this flaw
to crash the system or, potentially, escalate privileges.


* CVE-2017-18216: NULL pointer dereference while deleting OCFS2 node.

A race condition when deleting an OCFS2 node could lead to a NULL
pointer dereference. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2017-18224: Denial-of-service while accessing extent tree during read operation of OCFS2 filesystem.

A race condition while accessing the extent tree during a read operation
in direct mode of the OCFS2 filesystem could lead to a kernel assert. A
local attacker could use this flaw to cause a denial-of-service.


* CVE-2017-18241: NULL pointer dereference when using flush command of F2FS filesystem.

A logic error when mounting an F2FS filesystem with the noflush_merge
option could lead to a NULL pointer dereference when the flush command
is called. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2017-18257: Deadlock when using FIEMAP ioctl of F2FS filesystem.

A missing variable conversion when using FIEMAP ioctl of F2FS filesystem
could lead to a deadlock. A local attacker could use this flaw to cause
a denial-of-service.


* CVE-2018-7740: Denial-of-service when using remap_file_pages() system call.

A logic error in HugeTLB file system when using remap_file_pages()
system call could lead to a kernel assert. A local attacker could use
this flaw to cause a denial-of-service.


* CVE-2018-8087: Memory leak when using Simulated radio testing tool for mac80211.

A missing release of resources when creating a new radio in Simulated
radio testing tool for mac80211 could lead to a memory leak. A local
attacker could use this flaw to exhaust kernel memory and cause a
denial-of-service.


* CVE-2018-8781: Integer overflow when mapping memory in USB Display Link video driver.

A missing check on user input when mapping memory in USB Display Link
video driver could lead to an integer overflow. A local attacker could
use this flaw to cause a denial-of-service.


* CVE-2018-10323: NULL pointer dereference when converting extents-format to B+tree in XFS filesystem.

A logic error when converting extents-format to B+tree in XFS filesystem
could lead to a NULL pointer dereference. A local attacker could use
this flaw with a crafted XFS image to cause a denial-of-service.


* CVE-2018-1092: NULL pointer dereference when using unallocated root directory on ext4 filesystem.

A missing check when using unallocated root directory on ext4 filesystem
could lead to a NULL pointer dereference. A local attacker could mount a
crafted ext4 filesystem and cause a denial-of-service.


* CVE-2018-1093: Denial-of-service in ext4 bitmap block validity check.

A failure to correctly validate bitmap information from an ext4
filesystem can result in an out-of-bounds read, leading to a kernel
crash. A local user with the ability to mount an ext4 filesystem could
use this flaw to cause a denial-of-service.


* CVE-2018-7757: Memory leak when reading invalid_dword_count attribute of SAS Domain Transport driver.

A missing free when reading invalid_dword_count attribute of SAS Domain
Transport driver could lead to a memory leak. A local attacker could use
this flaw to exhaust kernel memory and cause a denial-of-service.


* CVE-2017-17975: Double-free when registering USBTV007 video driver.

A logic error in error path when registering USBTV007 video driver could
lead to a double-free. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2018-8822: Denial-of-service in NCP filesystem server during mmap.

A failure to verify bounds in the NCP filesystem on the server side
could lead to memory corruption and a kernel panic.  This could be
exploited to cause a denial-of-service.


* CVE-2018-1068: Privilege escalation in bridging interface.

Lack of userspace parameter sanitization in the 32-bit syscall interface
for bridging allows a user with limited privilege to write into kernel
memory. This flaw could be exploited to escalate privilege.


* CVE-2018-1065: Invalid memory access when setting custom netfilter rules.

A missing check when a user sets a custom netfilter rule could make the
netfilter subsystem jump to an invalid memory address. A local attacker
could use this flaw to cause a denial-of-service.


* CVE-2018-7995: Denial-of-service when accessing CPU MCE sysfs entries.

A race condition when accessing CPU Machine Check sysfs entries could
lead to a kernel panic. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2018-5803: Denial-of-service when receiving forged packet over SCTP socket.

A missing check when receiving a forged packet with custom properties
over SCTP socket could lead to a kernel assert. A remote attacker could
use this flaw to cause a denial-of-service.


* CVE-2018-7566: Denial-of-service when initializing ALSA sequence pool.

A race condition when initializing the ALSA sequence pool leads to a
use-after-free and out-of-bounds memory access. An attacker can exploit
this to cause a denial-of-service.


* CVE-2018-7480: Double free when initializing Generic block IO controller cgroup queue.

A logic error when initializing Generic block IO controller cgroup queue
could lead to a double free. A local attacker could use this flaw to
cause a denial-of-service.


* CVE-2018-1066: NULL pointer dereference in encryption handling of CIFS filesystem.

A logic error in encryption handling of the CIFS filesystem could lead
to a NULL pointer dereference. A remote attacker owning a CIFS
filesystem mounted by a targeted client could use this flaw to cause a
denial-of-service on the client side.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.



