El-errata: New Ksplice updates for RHCK 8 (ELSA-2020-1769)

Synopsis: ELSA-2020-1769 can now be patched using Ksplice
CVEs: CVE-2018-16871 CVE-2019-10639 CVE-2019-15090 CVE-2019-15099 CVE-2019-15221
CVE-2019-17053 CVE-2019-17055 CVE-2019-18805 CVE-2019-19056 CVE-2019-19057
CVE-2019-19073 CVE-2019-19074 CVE-2019-19534 CVE-2019-19768 CVE-2019-8980
CVE-2020-1749

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2020-1769.
More information about this errata can be found at
  https://linux.oracle.com/errata/ELSA-2020-1769.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running RHCK 8 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

DESCRIPTION

* CVE-2019-19768: Use-after-free when reporting an IO trace.

Lack of correct synchronization between releasing a structure used to store
a trace and filling that structure coud lead to a use-after-free. A local
user with the ability to enable tracing on the block IO sub-system could
use this flaw to cause a denial-of-service or potentially escalate
privileges.

Orabug: 31123573

* CVE-2018-16871: Denial-of-service in NFS copy and clone operations.

A logic error when performing NFS clone or copy operations could result
in a NULL pointer dereference and kernel crash. A remote user with
permissions to mount an exported NFS filesystem could use this flaw to
crash the server.

* CVE-2019-8980: Denial-of-service in kernel read file implementation.

A failure to free memory after a read error can result in a memory leak. A
local user could use this flaw to exhaust system memory, leading to a kernel
crash.

* CVE-2019-17053: Permission bypass when creating a IEEE 802.15.4 socket.

A missing check on user capabilities when creating a IEEE 802.15.4
socket could lead to a permission bypass.

* CVE-2019-17055: Permission bypass when creating a Modular ISDN socket.

A missing check on user capabilities when creating a Modular ISDN socket
could lead to a permission bypass.

* CVE-2019-18805: Denial-of-service in IPv4 round trip time configuration.

A failure to validate a change to the round trip time for IPv4 can
result in undefined behaviour. A local user with the ability to
configure this value could use this flaw to cause a denial-of-service.

* CVE-2019-19534: Information leak using PEAK PCAN-USB/USB Pro interfaces for
CAN 2.0b/CAN-FD.

A missing zeroing of heap buffer passed to user space in PEAK
PCAN-USB/USB Pro interfaces for CAN 2.0b/CAN-FD driver could lead to an
information leak. A local attacker could use this flaw to leak
information about running kernel and facilitate an attack.

* Note: Oracle will not provide a zero-downtime update for CVE-2019-10639.



* CVE-2019-15090: Out-of-bounds access in debug messages of QLogic QEDI
25/40/100Gb iSCSI Initiator driver.

A logic error in debug messages of QLogic QEDI 25/40/100Gb iSCSI
Initiator driver could lead to an out-of-bounds access. A local attacker
could use this flaw to cause a denial-of-service.

* CVE-2019-15099: NULL pointer dereference when sending data over Atheros ath10k
USB device.

A missing check on a USB buffer when sending data over Atheros ath10k
USB device could lead to a NULL pointer dereference. A local attacker
could use this flaw to cause a denial-of-service.

* CVE-2019-15221: Out-of-bounds write in Line6 POD USB audio interface driver.

The driver for Line6 POD USB audio interfaces allocates a buffer based
on the usb_maxpacket value reported by the device itself. A malicious
device could report a value of zero to cause an out-of-bounds write,
potentially resulting in memory corruption.

* CVE-2019-19056, CVE-2019-19057: Denial-of-service in the Marvell mwifiex PCIe
driver.

Failure to handle error during initialization of Marvell mwifiex PCIe
driver leads to memory leak. An attacker could exploit this to exhaust
kernel memory that eventually may cause a denial-of-service.

* CVE-2019-19073, CVE-2019-19074: Denial-of-service in the ath9k wireless driver.

A memory leak during driver initialization in the Atheros HTC-based
wireless subsystem could cause kernel memory exhaustion. An attacker
could exploit this flaw to cause a denial-of-service.

* CVE-2020-1749: Information disclosure in IPv6 IPSec tunneling.

A logic error in the IPv6 implementation of IPSec can lead to some
protocols being routed outside of the IPSec tunnel in an unencrypted
form. A network based attacker could use this flaw to read confidential
information.

SUPPORT

Ksplice support is available at ksplice-support_ww@oracle.com.