[Ksplice][EL8-Updates] New Ksplice updates for OL 8 and RHEL 8 (RHSA-2021:0558)

Gregory Herrero gregory.herrero at oracle.com
Thu Feb 18 07:36:59 PST 2021


Synopsis: RHSA-2021:0558 can now be patched using Ksplice
CVEs: CVE-2020-14351 CVE-2020-25705 CVE-2020-29661

Systems running RHCK on Oracle Linux 8 and Red Hat Enterprise Linux 8
can now use Ksplice to patch against the latest Red Hat Security
Advisory, RHSA-2021:0558.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running OL 8 and RHEL 8
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
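
As an added check (this script is not part of the announcement and is not Oracle's or Ksplice's own tooling), the snippet below reads the autoinstall setting the way the paragraph above describes, runs `uptrack-upgrade -y` only when autoinstall is off, and then verifies that all three CVEs from this advisory appear in the output of `uptrack-show`. Two things are assumptions rather than facts stated on this page: that /etc/uptrack/uptrack.conf is INI-style with an `autoinstall` key, and that `uptrack-show` prints the CVE identifier on each installed-update line. The `UPTRACK_CONF` override variable and the `ksplice-check.sh` file name are the example's own.

```shell
#!/bin/sh
# Added example, not from the Ksplice announcement or Oracle: check whether
# this host will pick up RHSA-2021:0558 automatically, otherwise apply it,
# then verify that the advisory's CVEs are listed as installed.
# Assumptions (not stated on the page): uptrack.conf is INI-style with an
# "autoinstall" key, and `uptrack-show` prints the CVE id on each update line.

CONF="${UPTRACK_CONF:-/etc/uptrack/uptrack.conf}"   # UPTRACK_CONF is this example's own override
ADVISORY_CVES="CVE-2020-14351 CVE-2020-25705 CVE-2020-29661"

# Print "yes" if autoinstall is enabled in the given config file, else "no".
# Ignores commented lines, tolerates whitespace around '=' and any case in the
# value; the last uncommented setting wins, as in most INI readers.
uptrack_autoinstall() {
    conf="$1"
    [ -r "$conf" ] || { echo no; return 0; }
    val=$(sed -n 's/^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*/\1/p' "$conf" \
          | tail -n 1 | tr '[:upper:]' '[:lower:]')
    case "$val" in
        yes|true|1) echo yes ;;
        *)          echo no  ;;
    esac
}

# Read update-list text on stdin (e.g. `uptrack-show` output) and print each
# advisory CVE that does not appear in it. Exit status 0 when none is missing.
missing_cves() {
    shown=$(cat)
    rc=0
    for cve in $ADVISORY_CVES; do
        if ! printf '%s\n' "$shown" | grep -q -- "$cve"; then
            echo "$cve"
            rc=1
        fi
    done
    return $rc
}

main() {
    if [ "$(uptrack_autoinstall "$CONF")" = yes ]; then
        echo "autoinstall enabled; Ksplice will apply RHSA-2021:0558 on its own"
    else
        echo "autoinstall disabled; applying the updates now"
        /usr/sbin/uptrack-upgrade -y
    fi
    if missing=$(/usr/sbin/uptrack-show 2>/dev/null | missing_cves); then
        echo "all advisory CVEs are present in the installed Ksplice updates"
    else
        echo "not yet patched: $missing"
        return 1
    fi
}

# Run main only when invoked as a script; sourcing the file just defines the functions.
if [ "${0##*/}" = "ksplice-check.sh" ]; then
    main "$@"
fi
```

Save it as ksplice-check.sh and run it as root; a non-zero exit means at least one of the three CVEs is still not covered by an installed Ksplice update, which is the state you want to alert on until the patch has landed.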


DESCRIPTION

* CVE-2020-25705: ICMP rate-limiter can indirectly leak UDP port information.

The kernel's global ICMP rate limit is shared by all destinations, and the
rate at which it lets ICMP errors through is predictable. An off-path
attacker who counts the ICMP replies a host sends back to them can therefore
tell whether the host also answered a spoofed probe with an ICMP
port-unreachable, which reveals whether the probed UDP port is closed or
open. This side channel lets an attacker effectively scan for open UDP ports
on a remote system.


* CVE-2020-29661: Use-after-free in ioctls of the TTY subsystem.

A locking flaw in the ioctl handlers of the TTY subsystem could lead to a
use-after-free. A local user could use this flaw to crash the system
(denial of service) or potentially execute arbitrary code in the kernel.


* CVE-2020-14351: Privilege escalation in perf subsystem due to use-after-free.

A flaw in the perf subsystem could lead to a use-after-free memory
error. A local attacker who is permitted to monitor perf events (on RHEL 8
this permission is governed by the kernel.perf_event_paranoid sysctl) could
use this flaw to corrupt kernel memory and possibly escalate privileges.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.



