[El-errata] New Ksplice updates for UEKR3 3.8.13 on OL6 and OL7 (ELSA-2017-3534)
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Tue Apr 4 00:28:04 PDT 2017
Synopsis: ELSA-2017-3534 can now be patched using Ksplice
CVEs: CVE-2015-4700 CVE-2015-5707 CVE-2015-8569 CVE-2016-10088 CVE-2016-10142 CVE-2016-3140 CVE-2016-3672 CVE-2016-4580 CVE-2016-7425 CVE-2016-8399 CVE-2016-8633 CVE-2016-8645 CVE-2016-9576 CVE-2016-9588 CVE-2017-5970 CVE-2017-6345 CVE-2017-7187
Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2017-3534.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running UEKR3 3.8.13 on
OL6 and OL7 install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
* CVE-2017-6345: Denial of service in 802.2 LLC packet processing.
A logic error when receiving PDUs on an 802.2 LLC network socket can trigger a
kernel panic and denial of service when freeing memory.
* CVE-2017-5970: Denial-of-service in ipv4 options field handling.
Incorrect behaviour when ipv4 options are used can result in a kernel
crash. A local attacker could use this flaw to cause a
* CVE-2016-3140: Denial of service in Digi AccelePort USB descriptor parsing.
A logic error in the Digi AccelePort USB driver can allow a malformed
USB descriptor with missing endpoints to trigger a NULL pointer
dereference and kernel panic.
* CVE-2016-4580: Kernel stack information leak in X25 facility negotiation.
Missing initialization of a stack data structure could result in leaking
up to 8 bytes of kernel stack information to a local, unprivileged user.
* CVE-2016-7425: Heap corruption in ARECA SATA/SAS RAID host adapter.
Lack of bounds checking when copying data from userspace could lead to heap
corruption. A local user with the ability to transfer messages to the
ARECA SATA/SAS RAID driver could use this flaw to gain kernel execution.
* CVE-2015-5707: Privilege escalation in generic SCSI character device.
An integer overflow in the SCSI generic driver in the Linux kernel could
allow a local user with write permission on a SCSI generic device to
* CVE-2015-8569: Information leak in point-to-point protocol.
A lack of validating user input could cause kernel stack memory to be
leaked to userspace in the point-to-point bind() and connect() functions.
A local, unprivileged user could use this flaw to gain information about
the running kernel.
* CVE-2016-8633: Remote code execution in the firewire driver.
Improper input validation when handling fragmented datagrams could allow a
remote attacker, through a specially crafted packet, to gain code
execution. A remote attacker could use this flaw to compromise a system
* CVE-2015-4700: Denial-of-service in the BSD Packet Filter just-in-time compiler.
A logic error in the BSD Packet Filter (BPF) just-in-time (jit) compiler
could lead the jit'ed program to contain only software breakpoints instead
of the intended opcodes. A local, privileged user could use this flaw to
cause a denial-of-service by using a specially crafter BPF program.
* CVE-2016-8645: Denial of service when receiving TCP packet.
When collapsing multiple socket buffers into one, a bug in the code
could result in kernel panic. A remote attacker can trigger this by
sending specially crafted packets and cause denial of service.
* CVE-2016-3672: Incorrect mmap randomization in i386 and X86_32 mode.
An incorrect logic when randomizing mmap addresses could facilitate an
attack and allow a local attacker to escalate privileges.
* CVE-2016-10088, CVE-2016-9576: Use-after-free in SCSI device interface.
Incorrect validation of sendfile arguments can cause a use-after-free in
the SCSI subsystem. A local user with access to /dev/sg* devices could
use this flaw to read kernel memory or escalate privileges.
* CVE-2016-10142: Denial of service when routing IPv6 atomic fragments.
The kernel IPv6 implementation processes atomic fragments according to
the IPv6 RFC. However, remote attackers can leverage a feature of
atomic fragments to stop the routing of IPv6 traffic, causing a denial
* CVE-2016-8399: Information leak using ICMP protocol.
A missing check on ICMP header length could cause an out-of-bounds read
of stack. A user could use this flaw to leak information about
kernel memory and facilitate an attack.
* CVE-2017-7187: Denial-of-service in SCSI driver ioctl handler.
The ioctl handler function in SCSI driver allows local users to cause a
denial of service (stack-based buffer overflow) or possibly have
unspecified other impact via a large command size in an SG_NEXT_CMD_LEN
ioctl call, leading to out-of-bounds write access in the sg_write
* CVE-2016-9588: Denial-of-service in Intel nested VMX exception handling.
Failure to handle exceptions thrown by an L2 guest could result in
kernel crash. A malicious guest could use this flaw to crash the
Ksplice support is available at ksplice-support_ww at oracle.com.
More information about the El-errata