[Ksplice-Fedora-26-updates] New Ksplice updates for Fedora 26 (FEDORA-2018-8dc60a4feb)

Oracle Ksplice ksplice-support_ww at oracle.com
Thu Feb 1 08:22:51 PST 2018


Synopsis: FEDORA-2018-8dc60a4feb can now be patched using Ksplice
CVEs: CVE-2017-1000410 CVE-2017-5753 CVE-2018-5332 CVE-2018-5333 CVE-2018-5344

Systems running Fedora 26 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2018-8dc60a4feb.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Fedora 26
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
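
The check described above, as an added example (not part of the original Oracle advisory): a shell helper that reads uptrack.conf and reports whether a host will pick up these updates automatically or needs the manual command. The function names are hypothetical, and the parsing assumes INI-style "key = value" lines with "#" or ";" comment lines, where the last uncommented autoinstall line wins.

```shell
#!/bin/sh
# Added example, not Oracle's code. Assumptions: uptrack.conf is INI-style
# "key = value" text, full-line comments start with "#" or ";", and the
# last uncommented "autoinstall" line is the effective one. Matching the
# key and value case-insensitively is also an assumption.

# Print the effective autoinstall value, lowercased. Prints "unset" when
# the key is absent or only commented out, "unreadable" when the file
# cannot be read.
uptrack_autoinstall_value() {
    conf=$1
    [ -r "$conf" ] || { echo "unreadable"; return 0; }
    awk '
        /^[ \t]*[#;]/ { next }                      # skip comment lines
        {
            eq = index($0, "=")
            if (eq == 0) next                       # section headers, blanks
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", key)      # trim whitespace and CR
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            if (tolower(key) == "autoinstall") found = tolower(val)
        }
        END { print (found == "" ? "unset" : found) }
    ' "$conf"
}

# Print how this host gets the updates:
#   automatic - autoinstall = yes, no action needed
#   manual    - run /usr/sbin/uptrack-upgrade -y as root
#   unknown   - config file missing or unreadable
# Only the value the advisory names ("yes") counts as enabled, so any
# other spelling is reported conservatively as "manual".
uptrack_update_mode() {
    case $(uptrack_autoinstall_value "$1") in
        yes)        echo "automatic" ;;
        unreadable) echo "unknown" ;;
        *)          echo "manual" ;;
    esac
}

# Stand-alone use: check the given file, or the path from the advisory.
uptrack_update_mode "${1:-/etc/uptrack/uptrack.conf}"
```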


DESCRIPTION

* Improved fix for CVE-2017-5753: Speculative execution in the KVM VMCS field-to-offset table.

The KVM VMCS field-to-offset table is vulnerable to a Spectre variant 1
side-channel attack. An unprivileged guest could exploit this flaw to
read arbitrary memory in the host.


* CVE-2017-1000410: Information leak in Bluetooth L2CAP messages.

Incorrect handling of short EFS elements in an L2CAP message could allow
an attacker to leak the contents of kernel memory.


* NULL pointer dereference when using the Mellanox Technologies Spectrum driver.

A missing check when using the Mellanox Technologies Spectrum driver
could lead to a NULL pointer dereference. A local attacker could use
this flaw to cause a denial-of-service.


* Denial-of-service when using a PCM OSS audio stream.

Logic errors when reading, writing or closing a PCM OSS audio stream
could lead to a kernel log flood or deadlocks. A local attacker could
use this flaw to cause a denial-of-service.


* Memory leak when unregistering a VLAN device with id 0.

A logic error when unregistering a VLAN device with id 0 could lead to a
memory leak. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2018-5332: Out-of-bounds write when sending messages through Reliable Datagram Sockets.

A missing check when sending messages through Reliable Datagram Sockets
could lead to an out-of-bounds write in the heap. A local attacker could
use this flaw to cause a denial-of-service.


* CVE-2018-5333: NULL pointer dereference when freeing resources in the Reliable Datagram Sockets driver.

A missing check when freeing resources in the Reliable Datagram Sockets
driver could lead to a NULL pointer dereference. A local attacker could
use this flaw to cause a denial-of-service.


* Denial-of-service when handling ICMP Frag in the SCTP driver.

A logic error when handling ICMP Frag in the SCTP driver could lead to a
kernel log flood. A local attacker could use this flaw to cause a
denial-of-service.


* Memory leak when using corking over IPv6.

Missing freeing of resources in an error path when using corking over
IPv6 could lead to a memory leak. A local attacker could use this flaw
to exhaust kernel memory and cause a denial-of-service.


* NULL pointer dereference when using the API for cryptographic algorithms.

A missing check when using the API for cryptographic algorithms could
lead to a NULL pointer dereference. A local attacker could use this flaw
to cause a denial-of-service.


* Off-by-one access when adding a view in the DRM driver for VMware Virtual GPU.

A missing check when adding a view in the DRM driver for VMware Virtual
GPU could lead to an off-by-one error. A local attacker could use this
flaw to cause a denial-of-service.


* Denial-of-service when using the USB monitoring interface.

A locking error when using the USB monitoring interface could lead to a
kernel assert. A local attacker could use this flaw to cause a
denial-of-service.


* Information leak when using the USB IP driver.

Verbose debugging information in the USB IP driver could leak
information about kernel addresses. A local attacker could use this flaw
to leak information about the kernel and facilitate an attack.


* Denial-of-service when submitting a command over USB IP.

A missing check on user input when submitting a command over USB IP
could lead to kernel memory exhaustion. A local attacker could use this
flaw to cause a denial-of-service.


* NULL pointer dereference when sending commands over USB IP.

A missing check when sending commands over USB IP could lead to a NULL
pointer dereference. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2018-5344: Use-after-free when opening a loopback device.

A race condition between opening and releasing a loopback device could
lead to a use-after-free. A local attacker could use this flaw to cause
a denial-of-service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.




