[El-errata] New Ksplice updates for UEKR2 2.6.39 on OL5 and OL6 (ELSA-2017-3658)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Tue Dec 12 03:19:38 PST 2017


Synopsis: ELSA-2017-3658 can now be patched using Ksplice
CVEs: CVE-2017-12190 CVE-2017-15274 CVE-2017-2671 CVE-2017-7889

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2017-3658.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR2 2.6.39 on
OL5 and OL6 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
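
The check below is an added example, not part of the Oracle announcement: it reads an uptrack.conf and reports whether the host relies on "autoinstall = yes" or needs the manual uptrack-upgrade run. It assumes an INI-style "key = value" file with '#' or ';' comment lines; the function names and the UPTRACK_CONF variable are hypothetical.

```shell
#!/bin/sh
# Added example: does this host need a manual uptrack-upgrade run?
# Assumption: uptrack.conf is INI-style "key = value" text in which
# lines starting with '#' or ';' are comments.

# Print the effective autoinstall value, or "unset" if the key is absent
# or the file cannot be read.
uptrack_autoinstall_value() {
    _conf=$1
    [ -r "$_conf" ] || { echo "unset"; return 0; }
    awk '
        /^[ \t]*[#;]/ { next }          # a commented-out setting is not active
        {
            eq = index($0, "=")
            if (eq == 0) next           # section headers, blank lines
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", key)
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            if (key == "autoinstall") found = val   # last assignment wins
        }
        END { print (found == "" ? "unset" : found) }
    ' "$_conf"
}

# Return 0 when the host must be patched by hand, 1 when autoinstall covers it.
# Only the literal value "yes" (as quoted in the announcement) counts as
# enabled; anything else is conservatively treated as needing manual action.
needs_manual_upgrade() {
    [ "$(uptrack_autoinstall_value "$1")" != "yes" ]
}

# Stand-alone use: report on the local configuration file.
conf=${UPTRACK_CONF:-/etc/uptrack/uptrack.conf}
if needs_manual_upgrade "$conf"; then
    echo "autoinstall is not 'yes' in $conf: run /usr/sbin/uptrack-upgrade -y"
else
    echo "autoinstall = yes in $conf: updates are installed automatically"
fi
```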


DESCRIPTION

* CVE-2017-12190: Denial-of-service in block I/O page merging.

A failure to decrement a reference count when merging block I/O pages
can result in a memory leak. A local user could use this flaw to cause a
denial-of-service.

Orabug: 27069045


* Invalid memory access when unmapping a DMA address in the Xsigo fabric driver.

A missing check when unmapping a DMA address in the Xsigo fabric driver
could lead to an invalid memory access. A local attacker could use this
flaw to cause a denial-of-service.

Orabug: 27058559


* Data read failure when using OCFS2 over a network file system.

A logic error in the splice mechanism used by OCFS2 could prevent a
user from reading data stored in an OCFS2 filesystem mounted over a
network file system.

Orabug: 26797307


* CVE-2017-7889: Permissions bypass via /dev/mem file.

The mm subsystem does not properly enforce the CONFIG_STRICT_DEVMEM
protection mechanism, which allows local users to read or write to
kernel memory locations via an application that opens the /dev/mem file.

Orabug: 26675934


* Denial-of-service in ASM AIO submission.

In some circumstances, including when installing Oracle Grid software,
an improperly initialized structure fails an integrity check, leading
to a kernel panic.  This could be used to cause a denial-of-service.

Orabug: 26650039


* CVE-2017-15274: Denial-of-service when adding a key using the key control subsystem.

A missing check on user input when using the add_key syscall of keyctl
could lead to a NULL pointer dereference if the key type is asymmetric,
cifs.idmap, cifs.spnego, or pkcs7_test.  A local attacker could use this
flaw to cause a denial-of-service.

Orabug: 26592013


* CVE-2017-2671: Use-after-free in ping implementation.

A race condition in the kernel ping implementation can result in a
use-after-free. A local attacker with access to ping sockets could use
this flaw to cause a kernel crash or escalate privileges.

Orabug: 26540288


* Denial-of-service when attaching large numbers of Xen paravirt devices.

Incorrect error checking when attaching a large number of Xen paravirt
devices can trigger a BUG_ON and kernel panic when booting or migrating
a virtual machine.

Orabug: 25102637


* Denial-of-service in the legacy pseudo terminal driver.

A race condition in the write callback of the legacy pseudo terminal
driver could lead to a NULL pointer dereference. A local attacker could
use this flaw to cause a denial-of-service.

Orabug: 25392692, 24337879


* Use-after-free in OCFS2 distributed lock manager.

Incorrect reference counting in the OCFS2 filesystem driver can trigger
a use-after-free and kernel panic when migrating a lock.

Orabug: 23320090

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.




