[Ksplice][Ubuntu-16.04-Updates] New Ksplice updates for Ubuntu 16.04 Xenial (USN-4364-1)

[Oracle Ksplice]

Synopsis: USN-4364-1 can now be patched using Ksplice
CVEs: CVE-2019-19060 CVE-2020-10942 CVE-2020-11494 CVE-2020-11565 CVE-2020-11608 CVE-2020-11609 CVE-2020-11668

Systems running Ubuntu 16.04 Xenial can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-4364-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Ubuntu 16.04
Xenial install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2020-11609: NULL pointer dereference when initializing STV06XX USB Camera device.

A missing check on USB endpoints when initializing STV06XX USB Camera
device could lead to a NULL pointer dereference. A local attacker could
use this flaw and a malicious USB device to cause a denial-of-service.


* Use-after-free when getting node list/status in High-availability Seamless Redundancy driver.

A locking error when getting node list/status in High-availability
Seamless Redundancy driver could lead to a use-after-free. A local
attacker could use this flaw to cause a denial-of-service.


* CVE-2020-11668: NULL pointer dereference when initializing Xirlink C-It USB camera device.

A missing check on USB endpoints when initializing Xirlink C-It USB
camera device could lead to a NULL pointer dereference. A local attacker
could use this flaw and a malicious USB device to cause a
denial-of-service.


* CVE-2019-19060: Memory leak in Analog Devices ADIS* driver when scanning devices.

A missing free of resources on allocation failure in Analog Devices
ADIS* driver when scanning devices could lead to a memory leak. A local
attacker could use this flaw to exhaust kernel memory and cause a
denial-of-service.


* CVE-2020-11608: NULL pointer dereference when initializing USB GSPCA based webcams.

A missing check on exposed endpoint numbers from USB GSPCA based webcams
could lead to a NULL pointer dereference. A local attacker could use a
malicious USB device to cause a denial-of-service.


* CVE-2020-11494: Information leak in serial line CAN device communication.

When communicating with a CAN device over serial, a buffer structure is
transmitted without proper sanitization, potentially exposing stack
memory over the network.


* Use-after-free when changing route in route4 classifier driver.

A logic error when changing route in route4 classifier driver could lead
to a use-after-free. A local attacker could use this flaw to cause a
denial-of-service.


* Denial-of-service when adding High-availability Seamless Redundancy device.

A logic error when adding High-availability Seamless Redundancy device
could lead to an invalid memory access. A local attacker could use this
flaw to cause a denial-of-service.


* CVE-2020-10942: Out-of-bounds memory access in the Virtual host driver.

Invalid input validation could lead to type confusion and out-of-bounds
memory accesses.  A local unprivileged user could use this to cause a
denial-of-service or potentially escalate privileges.


* Out-of-bounds access on tcindex change in network packet classifier.

A logic error when changing tcindex in network packet classifier could
lead to an out-of-bounds access. A local attacker could use this flaw to
cause a denial-of-service.


* Out-of-bounds access when using Transformation user configuration interface.

A missing check on user input when using Transformation user
configuration interface could lead to an out-of-bounds access. A local
attacker could use this flaw to cause a denial-of-service.


* Invalid memory access when using Speakup screen reader.

A logic error when using Speakup screen reader could lead to an invalid
memory access. A local attacker could use this flaw to cause a denial-
of-service.


* Denial-of-guest-service when failing to emulate instructions in KVM.

In rare cases, KVM emulation could become stuck in an infinite loop
while repeatedly failing to execute memory-mapped IO, resulting in a
denial-of-service for L2 and potentially L1 guests.


* Deadlock when receiving data over Line 6 POD USB device.

A logic error when receiving data over Line 6 POD USB device could lead
to a deadlock. A local attacker could use this flaw and a malicious USB
device to cause a denial-of-service.


* Denial-of-service during address resolution in the rdma driver.

Inadequate error handling in the rdma subsystem leads to a NULL pointer
dereference during address resolution. An attacker may exploit this bug
to cause a denial-of-service.


* Out-of-bounds-write in PCM rate plugin causes denial-of-service.

The plugin handling for ALSA PCM sound devices does not correctly
sanitize the number of audio frames it is writing to, potentially
writing outside the bounds of the buffer. A malicious device might
exploit this to cause a denial-of-service.


* CVE-2020-11565: Out-of-bounds access when mounting tmpfs.

A missing check on mpol mount option when mounting tmpfs could lead to
an out-of-bounds access. A local attacker could use this flaw to cause a
denial-of-service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.