[El-errata] New updates available via Ksplice (ELBA-2015-3076)
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Fri Aug 28 08:22:40 PDT 2015
Synopsis: ELBA-2015-3076 can now be patched using Ksplice
CVEs: CVE-2012-3520
Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle kernel update, ELBA-2015-3076.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack on EL 5 install these
updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
DESCRIPTION
* Kernel panic in OCFS2 during lock migration.
Due to a logic error and data race during lock migration in the OCFS2
filesystem, it is possible in rare circumstances for the kernel to
dereference invalid data, which will trigger a subsequent assertion
failure.
* NFS hang on OCFS2 cluster during unlock race.
A race condition in the OCFS2 and DLM interaction could result in NFS
accesses hanging under rare conditions.
* Use-after-free in shmctl(IPC_RMID) call.
A use-after-free when performing shmctl(IPC_RMID) during other
shared memory IPC operations could result in a kernel crash, triggerable
by a local, privileged user.
* Incorrect permissions in XFS subdirectories with SGID bit set and ACLs.
New files and directories in a subdirectory with an access control list
and the SGID bit set would not have the group correctly inherited.
* Kernel crash in Infiniband RDS packet reception.
Receiving incorrectly addressed RDS packets over an Infiniband
connection could result in a kernel crash and denial-of-service. A
remote user able to send RDS packets to the host could trigger a
denial-of-service.
* Soft lockup in JBD2 journal locking.
Under specific conditions, a filesystem using the JBD2 journal could get
stuck in an uninterruptible sleep waiting for the journal to lock.
* CVE-2012-3520: privilege escalation in netlink socket credential passing.
Under certain circumstances, the kernel could pass zeroed credentials to
userspace, causing the application to mistakenly see credentials for the
superuser and resulting in a possible privilege escalation.
* Use-after-free in NVMe device disabling.
A race condition in NVMe device disabling could result in accessing an
unmapped address on queue completion and crashing the kernel.
* Out-of-bounds memory access in IP over Infiniband protocol validation.
A logic error in the IP over Infiniband driver protocol version
validation could result in false positives and accessing beyond the end
of a structure, causing a kernel crash.
* Denial-of-service in Reliable Datagram Socket transmission.
Sending a large number of datagrams over an RDS socket could result in
exceeding the send buffer and blocking the device. A local,
unprivileged user could use this flaw to trigger a denial-of-service
attack.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.