[El-errata] New Ksplice updates for UEKR4 4.1.12 on OL6 and OL7 (ELSA-2017-3651)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Fri Dec 8 13:13:11 PST 2017


Synopsis: ELSA-2017-3651 can now be patched using Ksplice
CVEs: CVE-2017-1000405 CVE-2017-12190 CVE-2017-15649 CVE-2017-16527 CVE-2017-16650 CVE-2017-6346

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2017-3651.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR4 4.1.12 on
OL6 and OL7 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
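
The check below is an added example, not part of Oracle's announcement or
of the Ksplice tooling: it reads an uptrack.conf and reports whether the
host takes the automatic path or needs the manual command above. It
assumes "key = value" lines with "#" or ";" comment lines; the sample
configs are constructed.

```shell
#!/bin/sh
# Added example (not Oracle's code): report whether a host installs Ksplice
# updates automatically or needs the manual command from the advisory.
# Assumption: uptrack.conf holds "key = value" lines; "#"/";" start comments.

# autoinstall_value FILE: print the last uncommented "autoinstall" value,
# "unset" if the key is absent, "unreadable" if the file cannot be read.
autoinstall_value() {
    [ -r "$1" ] || { echo "unreadable"; return 0; }
    awk -F= '
        /^[ \t]*[#;]/ { next }              # commented-out settings do not count
        {
            key = $1; gsub(/[ \t\r]/, "", key)
            if (key != "autoinstall") next
            val = $2; gsub(/[ \t\r]/, "", val)
            found = val                     # last assignment wins
        }
        END { print (found == "" ? "unset" : found) }
    ' "$1"
}

# needs_manual_upgrade FILE: succeed (exit 0) unless the value is exactly
# "yes", the setting the advisory names. Anything else, including a missing
# file or key, is treated as "patch by hand" (the conservative answer).
needs_manual_upgrade() {
    [ "$(autoinstall_value "$1")" != "yes" ]
}

report() {
    if needs_manual_upgrade "$1"; then
        echo "$1: autoinstall is '$(autoinstall_value "$1")';" \
             "run /usr/sbin/uptrack-upgrade -y"
    else
        echo "$1: autoinstall = yes; updates are installed automatically"
    fi
}

# Constructed sample configs (not taken from a real host).
demo_dir=$(mktemp -d)
printf '[Settings]\n# autoinstall = yes\nautoinstall = no\n' > "$demo_dir/manual.conf"
printf '[Settings]\nautoinstall = yes\n' > "$demo_dir/auto.conf"
report "$demo_dir/manual.conf"
report "$demo_dir/auto.conf"
report /etc/uptrack/uptrack.conf    # the real file, if this host has one
rm -rf "$demo_dir"
```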


DESCRIPTION

* CVE-2017-16527: Use-after-free when creating mixer for USB Audio device.

A missing free in the error path when creating a mixer for a USB Audio
device could lead to a use-after-free. A local attacker could use a
crafted USB Audio device to cause a denial-of-service.

Orabug: 27148276


* CVE-2017-16650: Divide by zero error when binding a QMI WWAN USB device.

A missing check when binding a QMI WWAN network USB device could lead to
a divide by zero error. A local attacker could use this flaw to cause a
denial-of-service.

Orabug: 27215225


* CVE-2017-6346: Use-after-free in AF_PACKET fanout.

Invalid locking when processing the PACKET_FANOUT sockopt for AF_PACKET sockets
can trigger a use-after-free condition and kernel panic. A local user could use
this flaw to elevate privileges.

Orabug: 27069065


* CVE-2017-12190: Denial-of-service in block I/O page merging.

A failure to decrement a reference count when merging block I/O pages
can result in a memory leak. A local user could use this flaw to cause a
denial-of-service.

Orabug: 27069038


* CVE-2017-1000405: Privilege escalation when writing into a Transparent Huge Page.

A logic error in the kernel's internal Transparent Huge Page handling
could let an attacker overwrite read-only data and escalate privileges.

Orabug: 27200880


* Data corruption when using Microsoft Hyper-V virtual storage driver.

A logic error when queueing a command in the Microsoft Hyper-V virtual
storage driver could lead to on-disk data corruption. This could cause a
denial-of-service or corruption of important logs.

Orabug: 26492697


* CVE-2017-15649: Privilege escalation using PACKET_FANOUT socket option.

A locking error when using the PACKET_FANOUT option could lead to a race
condition. A local attacker could use this flaw with a crafted Fanout
system call to escalate privileges.

Orabug: 27069065

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.
