[El-errata] New updates available via Ksplice (CVE-2014-1737 and CVE-2014-1738)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Mon May 12 01:07:26 PDT 2014


Synopsis: Early update for local privilege escalation in floppy driver
CVEs: CVE-2014-1737 CVE-2014-1738

An update that fixes CVE-2014-1737 and CVE-2014-1738 is now available through
Ksplice for your kernel.

The two CVEs affect the floppy driver, which may be loaded even when a floppy
isn't present in the system, and allow an attacker to escalate their
privileges when they have local access.

We felt that it's important for us to ship this update early, before a new
kernel is released that fixes the problem, because our audit showed that we have
a number of customers potentially affected by the CVEs.

INSTALLING THE UPDATES

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf, these
updates will be installed automatically and you do not need to take any
action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
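
The following host check is an added example, not part of the original
announcement or of Ksplice. It reports whether the floppy module is currently
loaded and whether the update will arrive automatically or needs the command
above. It assumes the module is listed as "floppy" in /proc/modules and that
uptrack.conf uses "key = value" lines with "#" or ";" comments; the sample
files it writes are constructed.

```shell
#!/bin/sh
# Added example: report floppy driver state and Ksplice autoinstall state.
# Assumptions: module name "floppy"; uptrack.conf holds "key = value" lines.

# floppy_loaded [modules_file]: exit 0 if the floppy module is listed.
floppy_loaded() {
    awk '$1 == "floppy" { found = 1 } END { exit !found }' \
        "${1:-/proc/modules}"
}

# autoinstall_enabled [conf_file]: exit 0 if the last uncommented
# "autoinstall" line is set to "yes".
autoinstall_enabled() {
    awk -F= '
        /^[ \t]*[#;]/ { next }            # skip commented-out settings
        {
            key = $1; val = $2
            gsub(/[ \t\r]/, "", key); gsub(/[ \t\r]/, "", val)
            if (tolower(key) == "autoinstall") last = tolower(val)
        }
        END { exit !(last == "yes") }
    ' "${1:-/etc/uptrack/uptrack.conf}"
}

# triage [modules_file] [conf_file]: print both facts on one line.
# A module that is not loaded now can still be loaded later, so the
# update state is reported in every case.
triage() {
    if floppy_loaded "$1"; then drv=loaded; else drv=not-loaded; fi
    if autoinstall_enabled "$2"; then upd=automatic; else upd=manual; fi
    echo "floppy=$drv update=$upd"
}

# Constructed sample inputs so the example runs on any machine.
tmp=$(mktemp -d)
printf 'floppy 69417 0 - Live 0x0\next4 374902 2 - Live 0x0\n' > "$tmp/modules"
printf '[Settings]\nautoinstall = no\n' > "$tmp/uptrack.conf"
triage "$tmp/modules" "$tmp/uptrack.conf"
rm -rf "$tmp"
```

On a real host, call triage with no arguments to read /proc/modules and
/etc/uptrack/uptrack.conf; "update=manual" means the uptrack-upgrade command
above still has to be run.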
