[Ksplice][Ubuntu-16.04-Updates] New Ksplice updates for Ubuntu 16.04 Xenial (USN-4427-1)
Oracle Ksplice
ksplice-support_ww at oracle.com
Tue Sep 1 09:29:45 PDT 2020
Synopsis: USN-4427-1 can now be patched using Ksplice
CVEs: CVE-2019-19947 CVE-2019-20810 CVE-2020-10766 CVE-2020-10767 CVE-2020-10768 CVE-2020-11935 CVE-2020-13974
Systems running Ubuntu 16.04 Xenial can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-4427-1.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running Ubuntu 16.04
Xenial install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
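The following check is an added example, not part of the original announcement or Oracle's tooling: it reads an uptrack.conf and reports whether the host installs updates automatically or needs the manual command above. The function name uptrack_install_mode and the sample config contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not Oracle code): decide whether a host picks up Ksplice
# updates automatically or needs a manual uptrack-upgrade run.
# Prints "auto", "manual", or "unknown" (config file not readable).
uptrack_install_mode() {
    conf="${1:-/etc/uptrack/uptrack.conf}"
    [ -r "$conf" ] || { echo "unknown"; return 0; }
    awk '
        /^[ \t]*[#;]/ { next }            # ignore commented-out settings
        {
            n = index($0, "=")
            if (n == 0) next              # section headers, blank lines
            key = substr($0, 1, n - 1)
            val = substr($0, n + 1)
            gsub(/[ \t\r]/, "", key)      # tolerate "key=value" and padding
            gsub(/[ \t\r]/, "", val)
            if (tolower(key) == "autoinstall")
                mode = (tolower(val) == "yes") ? "auto" : "manual"
        }
        # A missing autoinstall line is treated as manual.
        END { print (mode == "" ? "manual" : mode) }
    ' "$conf"
}

# Constructed sample config (not taken from a real host): the commented-out
# line must not count, and the value is matched case-insensitively.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Settings]
# autoinstall = no
install_on_reboot = yes
autoinstall = Yes
EOF
echo "sample config: $(uptrack_install_mode "$sample")"
rm -f "$sample"

# On a real host: remind the operator when manual action is needed.
case "$(uptrack_install_mode)" in
    auto) echo "this host: updates install automatically" ;;
    *)    echo "this host: run /usr/sbin/uptrack-upgrade -y as root" ;;
esac
```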
DESCRIPTION
* CVE-2019-19947: Information leak in CAN Kvaser memory allocations.
Missing clearing of memory allocations could result in an information
leak of kernel heap memory to user-space.
* Invalid memory access when using Extended Verification Module.
A logic error in an error path when using Extended Verification Module
could lead to an invalid memory access. A local attacker could use this
flaw to cause a denial-of-service.
* Denial-of-service in fsync on BTRFS filesystems.
A flaw in the handling of fsync requests to a BTRFS filesystem can
result in data corruption. A local attacker could use this flaw to
corrupt the filesystem leading to a denial-of-service.
* Invalid memory access in L2TP tunnel session setup.
A race condition in the l2tp code could allow a user to access uninitialized
memory during l2tp tunnel setup.
* Invalid memory handling with l2tp tunnel freeing.
Various bugs in the l2tp code could result in memory structures being
removed prematurely, thus leading to potential memory corruption or
kernel panics.
* CVE-2020-11935: Denial-of-service attack with aufs inode reference counts.
A logic error in the aufs dentry_open function could result in invalid
reference counts, leading to a kernel BUG(). An attacker could potentially
exploit this to cause a denial-of-service attack.
* CVE-2020-10766: Information leak using Spectre V4 variant.
A logic error when context switching between multiple processes could
let an attacker disable SSBD mitigation and leak information about
a victim process.
* CVE-2020-13974: Integer overflow in virtual terminal keyboard interface.
Improper handling of ASCII key events in the kernel's virtual terminal
driver could lead to an integer overflow on repeated keypresses. This
could potentially result in an unspecified security impact.
* NULL pointer dereference when sending IPv4 data over IPv6 VXLAN over IPSec.
A logic error in the xfrm code could lead to a kernel NULL pointer dereference
when sending IPv4 data over an IPv6 vxlan over ipsec. This could be exploited
for a denial of service.
* CVE-2020-10767: Information leak using Spectre V2 attack due to IBPB being disabled.
A logic error when STIBP is not supported by the hardware makes IBPB
disabled unconditionally by default. A local attacker could use this
flaw to leak information about other processes.
* CVE-2020-10768: Information leak using Spectre V2 gadgets due to incorrect prctl configuration.
A logic error could let a local user enable indirect branch prediction
even if it has been force disabled to mitigate Spectre V2 attacks. A
local attacker could use this flaw to leak information about a victim
process.
* CVE-2019-20810: Denial-of-service with GO7007 sound card initialization.
A failure to properly deal with errors during initialization could lead
to a memory leak. This could be exploited for a denial-of-service attack.
* Restrict kernel memory access when kernel is locked down.
A locked down kernel shouldn't allow a privileged user to access core kernel
memory via /dev/mem, /dev/kmem and /dev/port.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.