[El-errata] New Ksplice updates for UEKR2 2.6.39 on OL5 and OL6 (ELSA-2017-3658)
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Tue Dec 12 03:19:38 PST 2017
Synopsis: ELSA-2017-3658 can now be patched using Ksplice
CVEs: CVE-2017-12190 CVE-2017-15274 CVE-2017-2671 CVE-2017-7889
Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2017-3658.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running UEKR2 2.6.39 on
OL5 and OL6 install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
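The check described above, as an added example (not part of Oracle's announcement): a shell helper that reads the autoinstall setting to tell whether a host will pick up these updates by itself or still needs the manual uptrack-upgrade run. It assumes uptrack.conf uses INI-style "key = value" lines with # or ; comment lines; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not Oracle's code. Function names are hypothetical.
# Assumption: uptrack.conf holds INI-style "key = value" lines and
# comment lines start with '#' or ';'.

# Print the effective "autoinstall" value from the given config file,
# lower-cased. The last uncommented assignment wins. Prints nothing when
# the key is unset or the file cannot be read.
autoinstall_value() {
    conf=$1
    [ -r "$conf" ] || return 0
    awk -F= '
        /^[ \t]*[#;]/ { next }            # a commented-out setting does not count
        {
            key = $1; val = $2
            gsub(/[ \t\r]/, "", key)      # tolerate spacing around "="
            gsub(/[ \t\r]/, "", val)
            if (tolower(key) == "autoinstall") last = tolower(val)
        }
        END { if (last != "") print last }
    ' "$conf"
}

# Echo "auto" when the file says autoinstall = yes, "manual" otherwise.
# Anything other than a plain "yes" is reported as manual so that an
# operator looks at the host instead of assuming it is patched.
ksplice_install_mode() {
    case "$(autoinstall_value "$1")" in
        yes) echo auto ;;
        *)   echo manual ;;
    esac
}

# Report for this host when the script is invoked as: script check [conf]
if [ "${1:-}" = "check" ]; then
    conf=${2:-/etc/uptrack/uptrack.conf}
    if [ "$(ksplice_install_mode "$conf")" = auto ]; then
        echo "autoinstall = yes: the ELSA-2017-3658 updates install automatically"
    else
        echo "autoinstall not enabled: run /usr/sbin/uptrack-upgrade -y as root"
    fi
fi
```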
* CVE-2017-12190: Denial-of-service in block I/O page merging.
A failure to decrement a reference count when merging block I/O pages
can result in a memory leak. A local user could use this flaw to cause a
* Invalid memory access when unmapping DMA address in Xsigo fabric driver.
A missing check when unmapping a DMA address in the Xsigo fabric driver could
lead to an invalid memory access. A local attacker could use this flaw
to cause a denial-of-service.
* Data read failure when using OCFS2 over a network file system.
A logic error in the splice mechanism used by OCFS2 could prevent a
user from reading data stored in an OCFS2 filesystem mounted over a
network file system.
* CVE-2017-7889: Permissions bypass via /dev/mem file.
The mm subsystem does not properly enforce the CONFIG_STRICT_DEVMEM
protection mechanism, which allows local users to read or write to
kernel memory locations via an application that opens the /dev/mem file.
* Denial-of-service in ASM AIO submission.
In some circumstances, including when installing Oracle Grid software,
an improperly initialized structure fails an integrity check, leading
to a kernel panic. This could be used to cause a denial-of-service.
* CVE-2017-15274: Denial-of-service when adding a key using the key control subsystem.
A missing check on user input when using the add_key syscall of keyctl could
lead to a NULL pointer dereference if the key type is asymmetric,
cifs.idmap, cifs.spnego, or pkcs7_test. A local attacker could use this
flaw to cause a denial-of-service.
* CVE-2017-2671: Use-after-free in ping implementation.
A race condition in the kernel ping implementation can result in a
use-after-free. A local attacker with access to ping sockets could use
this flaw to cause a kernel crash or escalate privileges.
* Denial-of-service when attaching large numbers of Xen paravirt devices.
Incorrect error checking when attaching a large number of Xen paravirt
devices can trigger a BUG_ON and kernel panic when booting or migrating
a virtual machine.
* Denial-of-service in legacy pseudo terminal driver.
A race condition in the write callback of the legacy pseudo terminal driver could
lead to a NULL pointer dereference. A local attacker could use this flaw
to cause a denial-of-service.
Orabug: 25392692, 24337879
* Use-after-free in OCFS2 distributed lock manager.
Incorrect reference counting in the OCFS2 filesystem driver can trigger
a use-after-free and kernel panic when migrating a lock.
Ksplice support is available at ksplice-support_ww at oracle.com.