Errata overview
Errata ID 79
Date 2018-05-16
Source package univention-kernel-image-signed
Fixed in version 4.0.0-3A~4.3.0.201805091310
Description 
This update of the Linux kernel to version 4.9.88 addresses the following
issues:
* use-after-free in the usbtv_probe function in
  drivers/media/usb/usbtv/usbtv-core.c (CVE-2017-17975)
* Mishandled extent trees in fs/f2fs/extent_cache.c can allow a local user to
  cause a denial of service (CVE-2017-18193)
* Null pointer dereference in fs/ocfs2/cluster/nodemanager.c allows local
  users to cause denial of service (CVE-2017-18216)
* Use-after-free vulnerability in
  drivers/net/ethernet/hisilicon/hns/hns_enet.c allows local attacker to
  cause denial of service (CVE-2017-18218)
* Memory corruption in ethtool_get_strings function in hns driver
  (CVE-2017-18222)
* race condition due to concurrent access to extent tree in fs/ocfs2/aops.c
  (CVE-2017-18224)
* Null pointer dereference in fs/f2fs/segment.c via mounting fs with
  noflush_merge option allows local denial of service (CVE-2017-18241)
* Inifinite loop caused by integer overflow in
  fs/f2fs/data.c:__get_data_block() allows for denial of service
  (CVE-2017-18257)
* netfilter: xtables NULL pointer dereference in ip6_tables.c:ip6t_do_table()
  leading to a crash (CVE-2018-1065)
* Null pointer dereference in fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() when
  empty TargetInfo is returned in NTLMSSP setup negotiation response allowing
  to crash client's kernel (CVE-2018-1066)
* Out-of-bounds write via userland offsets in ebt_entry struct in
  netfilter/ebtables.c (CVE-2018-1068)
* KVM: error in exception handling leads to wrong debug stack value
  (CVE-2018-1087)
* NULL pointer dereference in ext4/mballoc.c:ext4_process_freed_data() when
  mounting crafted ext4 image (CVE-2018-1092)
* Out of bounds read in ext4/balloc.c:ext4_valid_block_bitmap() causes crash
  with crafted ext4 image (CVE-2018-1093)
* drivers: getrandom(2) unblocks too early after system boot (CVE-2018-1108)
* Missing length check of payload in
  net/sctp/sm_make_chunk.c:_sctp_make_chunk() function allows denial of
  service (CVE-2018-5803)
* Double free in block/blk-cgroup.c:blkcg_init_queue() can allow a local user
  to cause a denial of service (CVE-2018-7480)
* race condition in snd_seq_write() may lead to UAF or OOB-access
  (CVE-2018-7566)
* Denial of service in resv_map_release function in mm/hugetlb.c
  (CVE-2018-7740)
* Memory leak in the sas_smp_get_phy_events function in
  drivers/scsi/libsas/sas_expander.c (CVE-2018-7757)
* Race condition in the store_int_with_restart() function in cpu/mcheck/mce.c
  (CVE-2018-7995)
* Memory leak in drivers/net/wireless/mac80211_hwsim.c:hwsim_new_radio_nl()
  can lead to potential denial of service (CVE-2018-8087)
* Integer overflow in drivers/gpu/drm/udl/udl_fb.c:udl_fb_mmap() can allow
  attackers to execute code in kernel space (CVE-2018-8781)
* Memory corruption in ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c
  (CVE-2018-8822)
* error in exception handling leads to DoS (CVE-2018-8897)
* Invalid pointer dereference in xfs_bmapi_write() when mounting and
  operating on crafted xfs image allows denial of service (CVE-2018-10323)
* ptrace() incorrect error handling leads to corruption and DoS
  (CVE-2018-1000199)
Additional notes This is the second of two parts.
CVE ID CVE-2017-17975
CVE-2017-18193
CVE-2017-18216
CVE-2017-18218
CVE-2017-18222
CVE-2017-18224
CVE-2017-18241
CVE-2017-18257
CVE-2018-1065
CVE-2018-1066
CVE-2018-1068
CVE-2018-1087
CVE-2018-1092
CVE-2018-1093
CVE-2018-1108
CVE-2018-5803
CVE-2018-7480
CVE-2018-7566
CVE-2018-7740
CVE-2018-7757
CVE-2018-7995
CVE-2018-8087
CVE-2018-8781
CVE-2018-8822
CVE-2018-8897
CVE-2018-10323
CVE-2018-1000199
UCS Bug number #46984