[El-errata] New updates available via Ksplice (ELSA-2016-3503)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Tue Jan 12 02:42:19 PST 2016


Synopsis: ELSA-2016-3503 can now be patched using Ksplice
CVEs: CVE-2013-7421 CVE-2014-9644 CVE-2015-5307 CVE-2015-7613 CVE-2015-8104

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Security Advisory, ELSA-2016-3503.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on EL 5 install these
updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
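
An added example (not part of Oracle's announcement): a shell check that reads the "autoinstall" setting described above and reports whether a manual uptrack-upgrade run is still needed on a host. The function names are hypothetical, and the parsing assumes plain "key = value" lines in the config file.

```shell
#!/bin/sh
# Added example: audit the Ksplice Uptrack "autoinstall" setting.
# Only the key name "autoinstall" and the default path below come from
# the advisory; function names are hypothetical.

UPTRACK_CONF_DEFAULT=/etc/uptrack/uptrack.conf

# Print the effective value of "autoinstall" in an uptrack.conf-style file.
# Comment lines (# or ;) are skipped, whitespace around "=" is ignored,
# matching is case-insensitive, and the last assignment wins.
# Prints "unset" if the key is absent and "unreadable" if the file
# cannot be read.
uptrack_autoinstall_value() {
    conf=${1:-$UPTRACK_CONF_DEFAULT}
    [ -r "$conf" ] || { echo "unreadable"; return 0; }
    awk -F= '
        /^[ \t]*[#;]/ { next }
        {
            key = $1; val = $2
            gsub(/[ \t\r]/, "", key); gsub(/[ \t\r]/, "", val)
            if (tolower(key) == "autoinstall") found = tolower(val)
        }
        END { print (found == "" ? "unset" : found) }
    ' "$conf"
}

# Exit status 0 when a manual "/usr/sbin/uptrack-upgrade -y" run is still
# required; exit status 1 when autoinstall = yes. Anything other than an
# exact "yes" (unset, unreadable, trailing text) counts as manual.
uptrack_needs_manual_upgrade() {
    case $(uptrack_autoinstall_value "$1") in
        yes) return 1 ;;
        *)   return 0 ;;
    esac
}

# Typical use on a host:
#   if uptrack_needs_manual_upgrade; then /usr/sbin/uptrack-upgrade -y; fi
```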


DESCRIPTION

* CVE-2015-5307: KVM host denial-of-service in alignment check.

A guest could cause a denial-of-service on a KVM host by triggering an
infinite stream of alignment check exceptions and causing the processor
microcode to enter an infinite loop.  A privileged user in a guest could
use this flaw to crash the host.


* CVE-2015-8104: KVM host denial-of-service in debug exception.

A guest could cause a denial-of-service on a KVM host by triggering a
debug exception to fire during an existing debug exception.  This could
trap the host in an infinite loop, causing a denial-of-service.  A
privileged user in a guest could use this flaw to crash the host.


* CVE-2013-7421, CVE-2014-9644: Arbitrary module loading by users in 
crypto API.

The kernel crypto API does not restrict which kernel modules can be
loaded automatically, which allows users to load arbitrary kernel
modules. This allows an unprivileged user to increase the attack surface
of the kernel.


* CVE-2015-7613: Privilege escalation in IPC object initialization.

Incorrect initialization of IPC objects could result in memory
corruption when creating message queues or shared memory.  A local,
unprivileged user could use this flaw to escalate privileges.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.




