[El-errata] New updates available via Ksplice (ELSA-2015-3002)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Mon Jan 12 12:50:58 PST 2015


Synopsis: ELSA-2015-3002 can now be patched using Ksplice

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Security Advisory, ELSA-2015-3002.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on EL 6 install these
updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
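
To tell which of the two cases above applies to a host, the following added example (not part of the original announcement and not Oracle's code) reads the autoinstall setting from an uptrack.conf-style file. The function names and the sample config are constructed for illustration, and treating a missing key as "no" is an assumption.

```shell
#!/bin/sh
# uptrack_autoinstall FILE
# Prints "yes" or "no" for the effective autoinstall setting.
# Returns 2 if FILE cannot be read. A missing key is reported as "no"
# (assumption made for this example).
uptrack_autoinstall() {
    conf=$1
    [ -r "$conf" ] || return 2
    awk '
        /^[ \t]*[#;]/ { next }                 # skip commented-out lines
        {
            line = $0
            sub(/\r$/, "", line)               # tolerate CRLF line endings
            n = index(line, "=")
            if (n == 0) next                   # section headers, blank lines
            key = substr(line, 1, n - 1)
            val = substr(line, n + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (tolower(key) == "autoinstall") found = tolower(val)  # last wins
        }
        END { if (found == "yes") print "yes"; else print "no" }
    ' "$conf"
}

# needs_manual_upgrade FILE
# Succeeds (exit 0) when autoinstall is not enabled, i.e. the host must
# run uptrack-upgrade by hand. Returns 2 if FILE cannot be read.
needs_manual_upgrade() {
    state=$(uptrack_autoinstall "$1") || return 2
    [ "$state" = "no" ]
}

# Constructed sample config, not taken from a real host.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Settings]
# autoinstall = yes
autoinstall = no
EOF

if needs_manual_upgrade "$sample"; then
    echo "autoinstall is off: run /usr/sbin/uptrack-upgrade -y"
else
    echo "autoinstall is on: no action needed"
fi
rm -f "$sample"
```

On a real system, pass /etc/uptrack/uptrack.conf as the argument.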


DESCRIPTION

* Kernel hang on dead block queue handling.

Missing synchronization when handling a dead queue may result in a
kernel hang on device I/O.


* Kernel crash during Infiniband port failover test.

Incorrect locking could result in a kernel crash during the Infiniband
port failover test.


* Use-after-free in RDS connection freeing.

Missing locking during connection freeing could result in a
use-after-free condition and kernel crash.


* OCFS2 failure to rejoin cluster after illegal connection.

The OCFS2 filesystem failed to recover from an illegal connection
attempt resulting in an inability to rejoin a cluster.


* Kernel panic in floating point state sanitization.

A paranoid assertion could incorrectly be triggered during task
switching or during core dumping, resulting in a kernel crash.


* Buffer overflow in SCSI megaraid driver when servicing an ioctl.

Lack of input validation in the SCSI megaraid driver could lead to a buffer
overflow and kernel panic. A local, privileged user could use this flaw to
cause a denial-of-service or potentially gain kernel code execution.


* NULL pointer dereference in Distributed Lock Manager BAST handler.

A race condition between BAST and unlock messages could result in a NULL
pointer dereference and kernel crash.


* Denial-of-service in IP-over-Infiniband child deletion.

Permissions for IPOIB devices allowed an unprivileged local user to add
and remove child devices, which could result in networking failure.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.




