[Ksplice][Ubuntu-14.04-Updates] New Ksplice updates for Ubuntu 14.04 Trusty (USN-3620-1)
Oracle Ksplice
ksplice-support_ww at oracle.com
Thu Apr 5 03:46:48 PDT 2018
Synopsis: USN-3620-1 can now be patched using Ksplice
CVEs: CVE-2017-11089 CVE-2017-12762 CVE-2017-17448 CVE-2017-17741 CVE-2017-17805 CVE-2017-17807 CVE-2018-1000026 CVE-2018-5332
Systems running Ubuntu 14.04 Trusty can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-3620-1.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running Ubuntu 14.04
Trusty install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
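The check described above, as an added example that is not part of the original advisory and is not Oracle's code: it reads an uptrack.conf-style file and reports whether the host relies on autoinstall or needs the manual command. The function names, the `[Settings]` section header and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not Oracle's code): report whether a host relies on
# autoinstall or needs the manual uptrack-upgrade command from the advisory.

# Print the active autoinstall value from an uptrack.conf-style file.
# Commented-out lines are ignored, the last assignment wins, and "unset"
# is printed when the key is absent or the file is unreadable.
autoinstall_value() {
    [ -r "$1" ] || { echo "unset"; return 0; }
    awk -F= '
        /^[ \t]*[#;]/ { next }           # "# autoinstall = yes" is not active
        NF >= 2 {
            key = $1; val = $2
            gsub(/[ \t\r]/, "", key)
            gsub(/[ \t\r]/, "", val)
            if (key == "autoinstall") found = val
        }
        END { print (found == "" ? "unset" : found) }
    ' "$1"
}

# Map the value to the action the advisory describes. Only the literal
# "yes" counts as automatic; anything else is flagged for a manual run.
patch_action() {
    if [ "$(autoinstall_value "$1")" = "yes" ]; then
        echo "auto"
    else
        echo "manual: /usr/sbin/uptrack-upgrade -y"
    fi
}

# Constructed sample configs (assumed layout, not copied from a real host).
demo() {
    dir=$(mktemp -d) || return 1
    printf '[Settings]\nautoinstall = yes\n' > "$dir/auto.conf"
    printf '[Settings]\n# autoinstall = yes\nautoinstall = no\n' > "$dir/manual.conf"
    for f in "$dir/auto.conf" "$dir/manual.conf" "$dir/missing.conf"; do
        echo "$(basename "$f"): $(patch_action "$f")"
    done
    rm -rf "$dir"
}

demo
```

On a real host, pass /etc/uptrack/uptrack.conf to `patch_action`; a "manual" result means the updates are not applied until the command is run.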
DESCRIPTION
* CVE-2017-11089: Out-of-bounds access when setting a specific wireless attribute.
A missing check on input from userspace when setting the wireless local mesh
power mode attribute could lead to an out-of-bounds access. A local
attacker could use this flaw to cause a denial-of-service.
* CVE-2017-12762: Buffer overflow when using the Integrated Services Digital Network driver.
A missing check when using the Integrated Services Digital Network driver
could lead to a buffer overflow. A local attacker could use this flaw to
cause a denial-of-service.
* CVE-2017-17741: Denial-of-service in kvm_mmio tracepoint.
An out-of-bounds access in the kvm_mmio tracepoint could result in a
kernel crash. A malicious guest could use this flaw to crash the
virtualization host.
* Denial-of-service when shutting down an iSCSI transport interface.
Logic errors when shutting down an iSCSI transport interface without logging
out could cause a deadlock. A local attacker could use this flaw to
cause a denial-of-service.
* CVE-2017-17805: Denial-of-service in SALSA20 block cipher.
Incorrect handling of zero length buffers could result in an invalid
pointer dereference and kernel crash. A local, unprivileged user could
use this flaw to crash the system or, potentially, escalate privileges.
* CVE-2018-5332: Out-of-bounds write when sending messages through Reliable Datagram Sockets.
A missing check when sending messages through Reliable Datagram Sockets
could lead to an out-of-bounds write in the heap. A local attacker could
use this flaw to cause a denial-of-service.
* CVE-2017-17448: Unprivileged access to netlink namespace creation.
net/netfilter/nfnetlink_cthelper.c in the Linux kernel through 4.14.4
does not require the CAP_NET_ADMIN capability for new, get, and del
operations, which allows local users to bypass intended access
restrictions because the nfnl_cthelper_list data structure is shared
across all net namespaces.
* CVE-2017-17807: Permissions bypass when requesting key on default keyring.
When calling request_key() with no keyring specified, the requested key
is generated and added to the keyring even if the user does not have
write permissions.
* Data corruption when using the Microsoft Hyper-V virtual storage driver.
A logic error when queueing a command in the Microsoft Hyper-V virtual storage
driver could lead to on-disk data corruption. This could cause a
denial-of-service or corruption of important logs.
* CVE-2018-1000026: Denial-of-service when receiving an invalid packet on a bnx2x network card.
Missing input validation when receiving an invalid packet on a bnx2x
network card could lead to a network outage. A remote attacker could use
this flaw to cause a denial-of-service.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.