[El-errata] New Ksplice updates for UEKR4 4.1.12 on OL6 and OL7 (ELSA-2018-4001)

Thu Jan 4 09:04:36 PST 2018

Synopsis: ELSA-2018-4001 can now be patched using Ksplice
CVEs: CVE-2017-16525 CVE-2017-16526 CVE-2017-16529 CVE-2017-16530 CVE-2017-16531 CVE-2017-16533 CVE-2017-16535 CVE-2017-16536

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2018-4001.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR4 4.1.12 on
OL6 and OL7 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

DESCRIPTION

* CVE-2017-16535: Out-of-bounds memory access when reading USB descriptors.

A missing check when reading USB descriptors could lead to an
out-of-bounds access. A local attacker could use this flaw to cause a
denial-of-service.

Orabug: 27207970

* CVE-2017-16533: Out-of-bounds access during parsing of Human Interface Device information.

A failure to validate information supplied by a USB device can result in
a out-of-bounds memory write, leading to undefined behaviour.

Orabug: 27207918

* CVE-2017-16531: Out-of-bounds access in USB configuration parsing.

A failure to correctly validate a USB interface association description
can result in an out-of-bounds memory access.

Orabug: 27207224

* CVE-2017-16530: Out-of-bounds access in USB alternate setting enumeration.

A failure to correctly validate USB alternate information from a USB
device can result in an out-of-bounds memory access.

Orabug: 27206999

* CVE-2017-16529: Out-of-bounds access due to corrupted buffer parsing in USB audio.

A failure to validate buffer descriptors from a USB audio device can
result in an out-of-bounds memory access.

Orabug: 27206923

* CVE-2017-16526: Denial-of-service in failed launch of UWB daemon.

A failure to handle an error case when launching the UWB management
daemon can result in an invalid pointer dereference leading to a kernel
crash.

Orabug: 27206880

* CVE-2017-16525: Use-after-free in USB serial console setup failure.

A failure to handle an error case during USB serial console setup can lead to
a use-after-free.

Orabug: 27206830

* CVE-2017-16536: NULL pointer dereference when registering a Conexant cx231xx USB video device.

A missing check when probing a Conexant cx231xx USB video device could
lead to a NULL pointer dereference. A local attacker could use a crafted
USB device to cause a denial-of-service.

Orabug: 27208047

* Deadlock in user-space character device release.

Incorrect locking when releasing a CUSE device could result in deadlock
and a task hang.

Orabug: 26431550

* Divide-by-zero in load average calculation.

A divide by zero when calculating the load average of a scheduler
runqueue could result in a kernel crash under specific conditions.

Orabug: 27222316

* NULL pointer dereference in RDS/TCP with netfilter.

Attempting to use netfilter with a transport that does not support it
would result in a NULL pointer dereference and kernel crash.

Orabug: 27150029

* NULL pointer dereference in QLogic BNX2 restart.

Failure to correctly restart the BNX2 device when DMA allocation failed
could trigger a NULL pointer dereference and kernel crash.

Orabug: 27133587

* Use-after-free in Infiniband RDS debug.

A use-after-free in an Infiniband RDS debug statement could cause a
kernel crash under specific conditions.

Orabug: 27116566

* Inaccurate Work Request accounting in Infiniband RDS.

Incorrect setting of a signalling bit could result in inaccurate Work
Request accounting in Infiniband RDS connections.

Orabug: 27097105

* KVM guest boot failure with non-APICv systems.

Incorrect ordering of events to an L2 guest could result in failure to
boot on a non-APICv system.

Orabug: 27250111

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.