[El-errata] New updates available via Ksplice (ELSA-2015-3041)
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Wed Jun 10 09:44:27 PDT 2015
Synopsis: ELSA-2015-3041 can now be patched using Ksplice
CVEs: CVE-2014-9419 CVE-2014-9420 CVE-2014-9585
Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Security Advisory, ELSA-2015-3041.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack on EL 7 install these
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
* CVE-2014-9419: Address leak on context switch bypasses ASLR.
A flaw in the context switch code could lead to leaking another thread's
local storage area. A local, unprivileged user could use this flaw to gain
information about another process address space mappings and bypass address
space layout randomization.
* CVE-2014-9420: Infinite loop in isofs when parsing continuation entries.
A flaw in the iso9660 file system support could lead to an infinite
recursion loop when parsing continuation entries. An unprivileged user
could use this flaw to crash the system resulting in a denial-of-service.
* CVE-2014-9585: Address space layout randomization bypass for VDSO address.
A flaw in the VDSO code loader leads to a 50% chance of having the VDSO
address placed at the end of a PMD. This could allow an attacker to bypass
ASLR protections more easily.
Ksplice support is available at ksplice-support_ww at oracle.com.
More information about the El-errata