[Ksplice][Ubuntu-16.04-Updates] New Ksplice updates for Ubuntu 16.04 Xenial (USN-3654-1)
Oracle Ksplice
ksplice-support_ww at oracle.com
Fri Jun 1 05:51:29 PDT 2018
Synopsis: USN-3654-1 can now be patched using Ksplice
CVEs: CVE-2016-7097 CVE-2017-16995 CVE-2017-17975 CVE-2017-18193 CVE-2018-1065 CVE-2018-1068 CVE-2018-1130 CVE-2018-3639 CVE-2018-5803 CVE-2018-7480 CVE-2018-7757 CVE-2018-7995 CVE-2018-8781 CVE-2018-8822
Systems running Ubuntu 16.04 Xenial can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-3654-1.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running Ubuntu 16.04
Xenial install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
DESCRIPTION
* CVE-2017-18193: Denial-of-service when handling extent trees in the F2FS filesystem.
A logic error when handling extent trees in the F2FS filesystem could lead
to a kernel assert. A local attacker could use this flaw to cause a
denial-of-service.
* CVE-2018-5803: Denial-of-service when receiving a forged packet over an SCTP socket.
A missing check when receiving a forged, specially crafted packet over an
SCTP socket could lead to a kernel assert. A remote attacker could use this
flaw to cause a denial-of-service.
* CVE-2018-1065: Invalid memory access when setting custom netfilter rules.
A missing check when a user sets a custom netfilter rule could make the
netfilter subsystem jump to an invalid memory address. A local attacker
could use this flaw to cause a denial-of-service.
* CVE-2018-1068: Privilege escalation in bridging interface.
Lack of userspace parameter sanitization in the 32-bit syscall interface
for bridging allows a user with limited privilege to write into kernel
memory. This flaw could be exploited to escalate privilege.
* CVE-2018-7480: Double free when initializing Generic block IO controller cgroup queue.
A logic error when initializing Generic block IO controller cgroup queue
could lead to a double free. A local attacker could use this flaw to
cause a denial-of-service.
* Improved fix for CVE-2017-16995: Privilege escalation in BPF 32-bit loads.
Incorrect sign extension of 32-bit loads could allow a local,
unprivileged user to execute arbitrary code and escalate privileges.
* CVE-2018-7757: Memory leak when reading the invalid_dword_count attribute of the SAS Domain Transport driver.
A missing free when reading the invalid_dword_count attribute of the SAS
Domain Transport driver could lead to a memory leak. A local attacker could
use this flaw to exhaust kernel memory and cause a denial-of-service.
* Improved fix for CVE-2016-7097: Group permission bypass when setting ACLs in BTRFS.
Multiple logic errors when setting POSIX ACLs in various filesystems could
lead to the set-group-id bit being incorrectly set or cleared. A local
unprivileged user could use this flaw to access files otherwise restricted,
potentially allowing a privilege escalation.
* CVE-2018-7995: Denial-of-service when accessing CPU MCE sysfs entries.
A race condition when accessing CPU Machine Check sysfs entries could
lead to a kernel panic. A local attacker could use this flaw to cause a
denial-of-service.
* CVE-2018-8781: Integer overflow when mapping memory in USB Display Link video driver.
A missing check on user input when mapping memory in USB Display Link
video driver could lead to an integer overflow. A local attacker could
use this flaw to cause a denial-of-service.
* CVE-2018-1130: Denial-of-service in DCCP message send.
A logic error in the DCCP code could lead to a NULL pointer dereference
when transmitting messages, leading to a kernel panic. An attacker could
use this to cause a denial-of-service.
* CVE-2017-17975: Double-free when registering the USBTV007 video driver.
A logic error in the error path when registering the USBTV007 video driver
could lead to a double-free. A local attacker could use this flaw to cause
a denial-of-service.
* CVE-2018-8822: Denial-of-service in NCP filesystem server during mmap.
A failure to verify bounds in the NCP filesystem on the server side
could lead to memory corruption and a kernel panic. This could be
exploited to cause a denial-of-service.
* CVE-2018-3639: Speculative Store Bypass information leak.
A hardware side channel involving speculative stores could allow a malicious,
unprivileged user to leak the contents of privileged memory.
This update enables the speculative store bypass mitigation by default
when supported microcode is loaded and can be manually enabled/disabled
by writing 1/0 to /proc/sys/vm/ksplice_ssbd_control. The
/proc/sys/vm/ksplice_ssbd_status file reports the current mitigation
status.
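The following POSIX shell helpers are an added example and are not part of the Ksplice announcement or of Oracle's tooling. They tie together the two operational steps above: checking whether "autoinstall = yes" is set in /etc/uptrack/uptrack.conf (in which case Uptrack applies USN-3654-1 on its own) and otherwise running /usr/sbin/uptrack-upgrade -y, and reading or toggling the Speculative Store Bypass mitigation through /proc/sys/vm/ksplice_ssbd_status and /proc/sys/vm/ksplice_ssbd_control. File paths are passed as parameters so the functions can be exercised against copies of the files. The announcement does not spell out what the status file prints, so the mapping of a leading "1"/"0" or the words "enabled"/"disabled" to the two states is an assumption; everything else uses only the paths and values the announcement gives.

```shell
#!/bin/sh
# Added example, not code from the Ksplice announcement. Helpers for the
# USN-3654-1 Ksplice update: autoinstall check, upgrade, SSBD control.

# Return 0 if the uptrack.conf at $1 contains "autoinstall = yes"
# (case-insensitive, whitespace-tolerant, comment lines ignored), else 1.
uptrack_autoinstall_enabled() {
    conf="$1"
    [ -r "$conf" ] || return 1
    grep -v '^[[:space:]]*#' "$conf" \
        | grep -iqE '^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*yes[[:space:]]*$'
}

# Print "enabled", "disabled" or "unavailable" based on the SSBD status file
# at $1. ASSUMPTION: the file's first line starts with 1/0 or enabled/disabled;
# the announcement only says the file reports the current mitigation status.
ssbd_status() {
    status_file="$1"
    [ -r "$status_file" ] || { echo unavailable; return 2; }
    line=$(head -n 1 "$status_file")
    case "$line" in
        1|1[[:space:]]*|[Ee]nabled*)  echo enabled ;;
        0|0[[:space:]]*|[Dd]isabled*) echo disabled ;;
        *) echo "unknown: $line"; return 3 ;;
    esac
}

# Write 1 (enable) or 0 (disable) to the SSBD control file at $2, exactly as
# the announcement describes. Any other value is refused so a typo cannot
# write garbage into /proc. Needs root against the real file.
ssbd_set() {
    value="$1"; control_file="$2"
    case "$value" in
        1|0) ;;
        *) echo "ssbd_set: value must be 1 or 0, got '$value'" >&2; return 1 ;;
    esac
    [ -w "$control_file" ] || {
        echo "ssbd_set: $control_file is not writable (run as root?)" >&2
        return 2
    }
    printf '%s\n' "$value" > "$control_file"
}

# Stand-alone run against the real paths named in the announcement.
# Set KSPLICE_HELPERS_NO_MAIN=1 to only define the functions.
if [ -z "${KSPLICE_HELPERS_NO_MAIN:-}" ]; then
    CONF=/etc/uptrack/uptrack.conf
    STATUS=/proc/sys/vm/ksplice_ssbd_status
    if uptrack_autoinstall_enabled "$CONF"; then
        echo "autoinstall = yes: Uptrack will apply USN-3654-1 itself"
    elif [ -x /usr/sbin/uptrack-upgrade ]; then
        echo "autoinstall is off: running uptrack-upgrade -y"
        /usr/sbin/uptrack-upgrade -y
    else
        echo "uptrack-upgrade not found; is Ksplice Uptrack installed?"
    fi
    echo "Speculative Store Bypass mitigation: $(ssbd_status "$STATUS")"
fi
```

Run it as root on the patched host to see whether the update will be picked up automatically and whether the SSBD mitigation is currently active; to flip the mitigation, call ssbd_set 0 /proc/sys/vm/ksplice_ssbd_control or ssbd_set 1 /proc/sys/vm/ksplice_ssbd_control and re-read the status file to confirm the change took effect.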
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.