[El-errata] New updates available via Ksplice (CVE-2014-1737 and CVE-2014-1738)
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Mon May 12 01:07:26 PDT 2014
Synopsis: Early update for local privilege escalation in floppy driver
CVEs: CVE-2014-1737 CVE-2014-1738
An update that fixes CVE-2014-1737 and CVE-2014-1738 is now available through
Ksplice for your kernel.
The two CVEs affect the floppy driver which may be loaded even when a floppy
isn't present in the system, and allow an attacker to escalate their
privileges when they have local access.
We felt that it's important for us to ship this update early, before a new
kernel is released that fix the problem, because our audit showed that we have
a number of customers potentially affected by the CVEs.
INSTALLING THE UPDATES
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf, these
updates will be installed automatically and you do not need to take any
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
More information about the El-errata