[El-errata] New Ksplice updates for UEKR2 2.6.39 on OL5 and OL6 (ELSA-2016-3652)

[Errata Announcements for Oracle Linux]

Synopsis: ELSA-2016-3652 can now be patched using Ksplice
CVEs: CVE-2016-9555

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2016-3652.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR2 2.6.39 on
OL5 and OL6 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2016-9555: Remote denial-of-service due to SCTP state machine memory corruption.

A missing bound-check in one of the state functions caused memory use
beyond what has been allocated. This could lead to memory corruption and
other undefined behaviors.


* Double free in Infiniband ID mapper work cancel.

If an Infiniband ID map work item was canceled while already running,
the cancellation and completion routines could both run, causing the
work item to be freed twice, potentially corrupting memory.


* Deadlock in Infiniband ID mapper global lock.

Incorrect lock ordering when an Infiniband ID map call was delayed could
cause a deadlock, potentially causing a denial-of-service.


* Abnormal allocation failure in block IO vector.

An incorrect condition when allocation block IO vectors could
cause the allocation to unexpectedly fail, potentially causing a
denial-of-service or allowing protected memory access.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.