[El-errata] New updates available via Ksplice (ELSA-2016-3566)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Mon May 23 00:10:31 PDT 2016


Synopsis: ELSA-2016-3566 can now be patched using Ksplice
CVEs: CVE-2013-2015 CVE-2015-7509 CVE-2015-8215 CVE-2015-8543 CVE-2016-3157

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Security Advisory, ELSA-2016-3566.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on EL 6 install these
updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
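
The check below is an added example, not part of Oracle's announcement or the Ksplice tooling: it reads an uptrack.conf and reports whether the host still needs the manual uptrack-upgrade run described above. It assumes the file uses "key = value" lines with "#" or ";" comment lines, and it treats anything other than "yes" as requiring manual action; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide whether a host relies on autoinstall or needs a manual
# "uptrack-upgrade -y". Assumes INI-style "key = value" lines in uptrack.conf.

# Print the effective "autoinstall" value from the given config file:
# lower-cased, last uncommented assignment wins, "unset" if the key is absent,
# "unreadable" if the file cannot be read.
autoinstall_value() {
    conf=$1
    [ -r "$conf" ] || { echo "unreadable"; return 0; }
    awk -F= '
        /^[ \t]*[#;]/ { next }            # ignore commented-out lines
        {
            key = $1; val = $2
            gsub(/[ \t\r]/, "", key)      # strip whitespace around the key
            gsub(/[ \t\r]/, "", val)      # and around the value
            if (tolower(key) == "autoinstall") found = tolower(val)
        }
        END { print (found == "" ? "unset" : found) }
    ' "$conf"
}

# Return 0 when a manual upgrade is needed, 1 when autoinstall covers it.
# Only the literal value "yes" (as given in the announcement) counts as enabled.
needs_manual_upgrade() {
    case "$(autoinstall_value "$1")" in
        yes) return 1 ;;
        *)   return 0 ;;
    esac
}

# Constructed sample config (not taken from a real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Settings]
# autoinstall = yes
autoinstall = no
EOF
if needs_manual_upgrade "$sample"; then
    echo "autoinstall is not 'yes': run /usr/sbin/uptrack-upgrade -y"
else
    echo "autoinstall = yes: updates install automatically"
fi
rm -f "$sample"
```

On a real system, pass /etc/uptrack/uptrack.conf to needs_manual_upgrade instead of the sample file.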


DESCRIPTION

* CVE-2016-3157: Xen I/O port access privilege escalation in x86-64.

User-mode processes that are not supposed to have access to I/O ports
may be granted that access, potentially resulting in one or more of the
following: in-guest privilege escalation, guest crashes (denial of
service), or in-guest information leaks.


* CVE-2013-2015, CVE-2015-7509: Possible privilege escalation when mounting a non-journaled ext4 filesystem.

A flaw was found in the ext4 file system when handling non-journal file
systems with an orphan list. An attacker with physical access to the system
could use this flaw to crash the system or potentially escalate their
privileges on the system.


* CVE-2015-8215: Remote denial-of-service of network traffic when changing the MTU.

A lack of MTU validation in the IPv6 stack when the MTU is reset could
allow a remote attacker to change the MTU through rogue router advertisement
packets. A remote attacker could use this flaw to disrupt the system's
networking, leading to high packet loss and denial-of-service.


* CVE-2015-8543: Denial-of-service on out-of-range protocol for raw sockets.

It was discovered that a local user permitted to create raw sockets could
cause a denial-of-service by specifying an invalid protocol number for the
socket.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.



