[El-errata] New updates available via Ksplice (ELSA-2016-3624)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Mon Oct 10 04:57:48 PDT 2016


Synopsis: ELSA-2016-3624 can now be patched using Ksplice
CVEs: CVE-2015-8374 CVE-2016-3134 CVE-2016-4997 CVE-2016-4998 CVE-2016-5829

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2016-3624.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on EL 5 install these
updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
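
The check described above, as an added example for auditing hosts (not part of Oracle's announcement or of Ksplice Uptrack itself): it reads the autoinstall setting and reports whether the manual upgrade command is still needed. The function names are hypothetical. It assumes "key = value" lines with "#" or ";" comment lines, and that a missing file or key means autoinstall is off.

```shell
#!/bin/sh
# Added example: decide whether a host still needs a manual uptrack-upgrade.
# Assumptions of this sketch: INI-style "key = value" lines, "#" or ";"
# comment lines, key and value compared case-insensitively, and a missing
# file or key treated as autoinstall = no.

# Print the effective autoinstall value ("yes" or "no") for a config file.
uptrack_autoinstall() {
    conf=$1
    [ -r "$conf" ] || { echo no; return 0; }
    awk -F= '
        /^[ \t]*[#;]/ { next }              # commented-out settings do not count
        {
            key = $1; val = $2
            gsub(/[ \t\r]/, "", key)        # tolerate "autoinstall=yes" and padding
            gsub(/[ \t\r]/, "", val)
            if (tolower(key) == "autoinstall") last = tolower(val)  # last one wins
        }
        END { if (last == "yes") print "yes"; else print "no" }
    ' "$conf"
}

# Print what the operator has to do on this host.
uptrack_action() {
    if [ "$(uptrack_autoinstall "$1")" = yes ]; then
        echo "no action: updates install automatically"
    else
        echo "run: /usr/sbin/uptrack-upgrade -y"
    fi
}

# Stand-alone use: check the config path named in the announcement,
# or a path given as the first argument.
uptrack_action "${1:-/etc/uptrack/uptrack.conf}"
```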


DESCRIPTION

* CVE-2016-4997, CVE-2016-4998: Privilege escalation in the Netfilter driver.

Incomplete input validation when processing Netfilter xtables entries could
lead to out-of-bounds memory reads and writes.  An unprivileged user inside a
container could use this flaw to cause a denial-of-service or elevate
privileges.


* CVE-2015-8374: Information leak when truncating a compressed and inlined extent on Btrfs.

An information leak vulnerability was found when truncating a file to a
smaller size which consists of an inline extent that is compressed. The
data between the new file size and the old file size was not discarded,
allowing another user to read it through the clone ioctl.


* CVE-2016-3134: Privilege escalation in the Netfilter driver.

Incomplete input validation when processing Netfilter xtables entries could
lead to out-of-bounds memory reads and writes.  An unprivileged user inside a
container could use this flaw to cause a denial-of-service or elevate
privileges.


* Return non-zero block length for really small files on ocfs2.

Tools like tar and rsync assume a file has no data if the block
length is 0 and will skip reading it.


* Crash in InfiniBand Mellanox ConnectX HCA driver Shared Receive Queue free.

The InfiniBand Mellanox ConnectX HCA driver used the incorrect free type
when releasing a shared receive queue, causing a crash or memory leak.


* Message corruption in pseudo terminal output.

A race condition in pseudo terminal hangup could result in corruption of
the terminal output under specific conditions.


* Use-after-free in ocfs2 driver during file write.

Incorrect reference counting in the ocfs2 driver if an error occurs
during file write can lead to a kernel crash.


* CVE-2016-5829: Memory corruption in unknown USB HID devices.

The USB HID driver does not validate USB data when an unknown HID device
is encountered, which can allow a malicious USB device to trigger kernel
memory corruption and gain code execution.


* Kernel crash in NFS during writeback.

A kernel assertion could be incorrectly triggered when performing
writeback of a file on an NFS filesystem under specific conditions,
resulting in a kernel crash.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.




