[El-errata] New Ksplice updates for UEKR4 4.1.12 on OL6 and OL7 (ELSA-2017-3651)
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Fri Dec 8 13:13:11 PST 2017
Synopsis: ELSA-2017-3651 can now be patched using Ksplice
CVEs: CVE-2017-1000405 CVE-2017-12190 CVE-2017-15649 CVE-2017-16527 CVE-2017-16650 CVE-2017-6346
Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2017-3651.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running UEKR4 4.1.12 on
OL6 and OL7 install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
DESCRIPTION
* CVE-2017-16527: Use-after-free when creating mixer for USB Audio device.
A missing free in error path when creating mixer for USB Audio device
could lead to a use-after-free. A local attacker could use a crafted USB
Audio device to cause a denial-of-service.
Orabug: 27148276
* CVE-2017-16650: Divide by zero error when binding a QMI WWAN USB device.
A missing check when binding a QMI WWAN network USB device could lead to
a divide by zero error. A local attacker could use this flaw to cause a
denial-of-service.
Orabug: 27215225
* CVE-2017-6346: Use-after-free in AF_PACKET fanout.
Invalid locking when processing the PACKET_FANOUT sockopt for AF_PACKET sockets
can trigger a use-after-free condition and kernel panic. A local user could use
this flaw to elevate privileges.
Orabug: 27069065
* CVE-2017-12190: Denial-of-service in block I/O page merging.
A failure to decrement a reference count when merging block I/O pages
can result in a memory leak. A local user could use this flaw to cause a
denial-of-service.
Orabug: 27069038
* CVE-2017-1000405: Privilege escalation when writing into a Transparent Huge Page.
A logic error in internal Transparent Huge Page handling of the kernel
could let an attacker overwrite read-only data and escalate privileges.
Orabug: 27200880
* Data corruption when using Microsoft Hyper-V virtual storage driver.
A logic error when queueing command in Microsoft Hyper-V virtual storage
driver could lead to on-disk data corruption. This could cause a
denial-of-service or corruption of important logs.
Orabug: 26492697
* CVE-2017-15649: Privilege escalation using PACKET_FANOUT socket option.
A locking error when using PACKET_FANOUT option could lead to a race
condition. A local attacker could use this flaw with a crafted Fanout
system call to escalate privileges.
Orabug: 27069065
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.
More information about the El-errata
mailing list