[El-errata] New Ksplice updates for UEKR3 3.8.13 on OL6 and OL7 (ELSA-2017-3657)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Mon Dec 11 10:52:42 PST 2017 

Synopsis: ELSA-2017-3657 can now be patched using Ksplice
CVEs: CVE-2017-12190 CVE-2017-15274 CVE-2017-7889

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2017-3657.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR3 3.8.13 on
OL6 and OL7 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2017-12190: Denial-of-service in block I/O page merging.

A failure to decrement a reference count when merging block I/O pages
can result in a memory leak. A local user could use this flaw to cause a
denial-of-service.

Orabug: 27069042


* Invalid memory access when unmapping DMA address in Xsigo fabric driver.

A missing check when unmapping DMA address in Xsigo fabric driver could
lead to an invalid memory access. A local attacker could use this flaw
to cause a denial-of-service.

Orabug: 27058468


* CVE-2017-7889: Permissions bypass via /dev/mem file.

The mm subsystem does not properly enforce the CONFIG_STRICT_DEVMEM
protection mechanism, which allows local users to read or write to
kernel memory locations via an application that opens the /dev/mem file.

Orabug: 26675925


* CVE-2017-15274: Denial-of-service when adding a key using the key control subsystem.

A missing check on user input when using add_key syscall of keyctl could
lead to a NULL pointer dereference if the key type is asymmetric,
cifs.idmap, cifs.spnego, or pkcs7_test.  A local attacker could use this
flaw to cause a denial-of-service.

Orabug: 26592025


* Use-after-free in OCFS2 distributed lock manager.

Incorrect reference counting in the OCFS2 filesystem driver can trigger
a use-after-free and kernel panic when migrating a lock.

Orabug: 26479780


* Denial-of-service with in ASM AIO submission.

In some circumstances, including when installing Oracle Grid software,
an improperly initialized structure fails an integrity check, leading
to a kernel panic.  This could be used to cause an denial of service.

Orabug: 26649818


* Denial-of-service in legacy pseudo terminal driver.

A race condition in write callback of legacy pseudo terminal driver could
lead to a NULL pointer dereference. A local attacker could use this flaw
to cause a denial-of-service.

Orabug: 25392692

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.

More information about the El-errata mailing list