[El-errata] New Ksplice updates for UEKR4 4.1.12 on OL6 and OL7 (ELSA-2016-3648)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Fri Dec 9 00:06:34 PST 2016 

Synopsis: ELSA-2016-3648 can now be patched using Ksplice
CVEs: CVE-2016-8650 CVE-2016-8655 CVE-2016-9555

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2016-3648.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR4 4.1.12 on
OL6 and OL7 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* Improve fix for Permission bypass when checking credentials for fs 
accesses.

An incorrect backport of the fix can result in a kernel error when
attempting to access another processes pagemep in proc.


* CVE-2016-8655: Privilege escalation in af_packet implementation.

A race condition in af_packet processing could allow a local
unprivileged user to cause a kernel crash or execute arbitrary code
with elevated privileges.


* CVE-2016-9555: Remote denial-of-service due to SCTP state machine 
memory corruption.

A missing bound-check in one of the state functions caused memory use
beyond what has been allocated. This could lead to memory corruption and
other undefined behaviors.


* CVE-2016-8650: NULL pointer dereference in the key management subsystem.

A missing check in the Multiprecision maths library used to implement
RSA digital signature verification could lead to a NULL pointer
dereference. A local user could use this flaw to cause a denial-of-service.


* Double free in Infiniband ID mapper work cancel.

If an Infiniband ID map work item was canceled while already running,
the cancellation and completion routines could both run, causing the
work item to be freed twice, potentially corrupting memory.


* Memory leak when unlinking files on ocfs2 filesystem.

Wrong logic when unlinking files on ocfs2 filesystem could lead to
memory leaks. An attacker could use this flaw to cause a
denial-of-service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.

More information about the El-errata mailing list