[El-errata] New updates available via Ksplice (ELSA-2016-3573)
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Wed Jun 15 07:13:30 PDT 2016
Synopsis: ELSA-2016-3573 can now be patched using Ksplice
CVEs: CVE-2016-4565
The recently released Oracle Linux 6, ELSA-2016-3573, does not fix any
security problems relevant to already running systems. You do not need
to take any action to update your systems.
DESCRIPTION
* CVE-2016-4565: Privilege escalation in InfiniBand ioctl.
The InfiniBand ioctl interface does not correctly validate parameters
from userspace, which can allow local users to corrupt kernel memory and
escalate privileges.
* Denial-of-service in Xen interrupt moving.
Moving a Xen interrupt could result in spurious interrupts being
delivered, causing crashes in drivers that did not expect to receive
them.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.