[El-errata] Early update for remote code execution over UDP (CVE-2016-10229)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Tue Apr 11 01:54:46 PDT 2017


Synopsis: Early update for remote code execution over UDP (CVE-2016-10229)

We felt it's important to ship this update early, before distributions
released kernels that fix the problem, because our audit showed that we
have a large number of customers vulnerable to this issue.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR2 2.6.39 on
OL5 and OL6 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
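
The check below is an added example, not part of Oracle's announcement or tooling. It reads an uptrack.conf-style file and reports whether the manual upgrade step above is still needed on a host. Only the config path, the "autoinstall = yes" setting and the uptrack-upgrade command come from the announcement; the function names and the parsing rules (key = value lines, '#' comments, exact lowercase "yes") are assumptions.

```shell
#!/bin/sh
# Added example: decide whether a host still needs the manual
# uptrack-upgrade step. Function names are hypothetical helpers.

# Print the effective "autoinstall" value from an uptrack.conf-style file.
# Assumptions: "key = value" lines, '#' starts a comment, the last
# assignment wins, and only the exact value "yes" enables autoinstall.
autoinstall_value() {
    conf=$1
    [ -r "$conf" ] || { echo "unreadable"; return 0; }
    awk -F= '
        /^[[:space:]]*#/ { next }          # skip commented-out settings
        {
            key = $1; val = $2
            sub(/#.*/, "", val)            # drop a trailing inline comment
            gsub(/[[:space:]]/, "", key)
            gsub(/[[:space:]]/, "", val)
            if (key == "autoinstall") last = val
        }
        END { print (last == "" ? "unset" : last) }
    ' "$conf"
}

# Return 0 when the manual upgrade is required (autoinstall is not "yes").
# An unreadable or missing config counts as "manual step required".
needs_manual_upgrade() {
    [ "$(autoinstall_value "$1")" != "yes" ]
}

# Human-readable report for one config file (defaults to the real path).
report() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    if needs_manual_upgrade "$conf"; then
        echo "autoinstall=$(autoinstall_value "$conf"): run /usr/sbin/uptrack-upgrade -y"
    else
        echo "autoinstall=yes: updates will be installed automatically"
    fi
}

report "$@"
```

A commented-out "# autoinstall = yes" line is deliberately treated as not enabled, so such hosts are flagged for the manual step.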


DESCRIPTION

* CVE-2016-10229: Remote code execution when receiving UDP packets with short buffers.

Incorrect handling of checksums for short receive buffers could result in
applications failing to receive data from a UDP socket. A remote attacker
could use this flaw to execute arbitrary code.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.




