[El-errata] New Ksplice updates for UEKR4 4.1.12 on OL6 and OL7 (ELSA-2017-3659)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Thu Dec 14 05:24:32 PST 2017


Synopsis: ELSA-2017-3659 can now be patched using Ksplice
CVEs: CVE-2016-10318

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2017-3659.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR4 4.1.12 on
OL6 and OL7 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
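
The check below is an added example, not part of the Oracle announcement: it reads an uptrack.conf-style file and reports which of the two install paths described above applies to a host. Treating only the value "yes" as enabled and an absent key as "no" are assumptions made for this sketch, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the advisory): decide whether a host needs a
# manual "uptrack-upgrade -y" or will pick the updates up automatically.

# Print the effective "autoinstall" value from an uptrack.conf-style file.
# Comment lines (# or ;) are skipped and the last assignment wins.
# Assumption: a missing key is reported as "no" so the host gets flagged.
# Returns 0 only when the value is "yes", 2 when the file is unreadable.
uptrack_autoinstall() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    [ -r "$conf" ] || { echo "unreadable"; return 2; }
    val=$(awk -F= '
        /^[ \t]*[#;]/ { next }
        {
            key = $1
            gsub(/[ \t\r]/, "", key)
            if (tolower(key) == "autoinstall") {
                v = $2
                gsub(/[ \t\r]/, "", v)
                found = tolower(v)
            }
        }
        END { print (found == "" ? "no" : found) }
    ' "$conf")
    echo "$val"
    [ "$val" = "yes" ]
}

# Print the action the install section above implies for this host.
ksplice_action() {
    state=$(uptrack_autoinstall "$1") || true
    case $state in
        yes)        echo "none: updates install automatically" ;;
        unreadable) echo "check: cannot read configuration" ;;
        *)          echo "run: /usr/sbin/uptrack-upgrade -y" ;;
    esac
}

# Usage on a real host: ksplice_action /etc/uptrack/uptrack.conf
```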


DESCRIPTION

* Use-after-free in TCM/User subsystem.

A cleanup routine in the Target Core Mod (TCM) / User subsystem freed a
pointer too early. This can cause a use-after-free later in a different
routine and crash the kernel, resulting in denial of service.

Orabug: 25395066


* Memory leak in overlayfs file permission checking.

A logic error in the handling of a failed permission check on a file in
an overlay filesystem can trigger a kernel memory leak and kernel panic.

Orabug: 26401569


* Denial of service in OverlayFS directory removal.

A race condition can allow a malicious user to remove an upper directory
while it is being hidden in the lower directory, which can trigger a
kernel panic.

Orabug: 26175588


* Kernel panic when probing QLogic Fibre Channel devices.

The kernel QLogic QLA2XXX device driver does not handle NULL pointers
correctly, which can trigger a kernel panic.

Orabug: 26844197, 26923029


* Out-of-bounds access when reading data over RAID5 storage.

An indexing error when reading and checking data over RAID5 storage
could lead to an out-of-bounds access. A local attacker could use this
flaw to cause a denial-of-service.

Orabug: 26047272


* Denial-of-service when handling events in Generic Target Core Mod driver.

A logic error when handling events in the Generic Target Core Mod driver
could lead to list corruption. A local attacker could use this flaw to
cause a denial-of-service.

Orabug: 25395066


* Denial-of-service in malformed overlayfs extended attributes.

The overlay filesystem does not correctly handle malformed extended
attributes from the lower filesystem, which can trigger an assertion
failure and kernel panic.

Orabug: 26401569


* Denial-of-service when setting "sched_time_avg" sysctl property.

A missing check when setting the "sched_time_avg" sysctl property to 0
could lead to a divide-by-zero error. A local attacker could use this
flaw to cause a denial-of-service.

Orabug: 26371482


* Denial-of-service when initializing or exiting RDS over Infiniband and iWARP protocol.

Logic errors when initializing or exiting the RDS over InfiniBand and
iWARP protocol could lead to memory corruption or a memory leak. A local
attacker could use this flaw to cause a denial-of-service.

Orabug: 26089296, 26732887


* NULL pointer dereference when unloading Xen block backend driver.

A missing check when unloading the Xen block backend driver could lead
to a NULL pointer dereference. A local attacker could use this flaw to
cause a denial-of-service.


* NULL pointer dereference when using Enabling Control Block in DTrace.

A missing check after an allocation when using an Enabling Control Block
in DTrace could lead to a NULL pointer dereference. A local attacker
could use this flaw to cause a denial-of-service.

Orabug: 26503342


* Deadlock when using Enabling Control Block in DTrace.

A locking error when using an Enabling Control Block in DTrace could
lead to a deadlock. A local attacker could use this flaw to cause a
denial-of-service.

Orabug: 26680802


* Invalid memory accesses in QLogic QED 25/40/100Gb core driver.

Logic errors in the QLogic QED 25/40/100Gb core driver could lead to
invalid memory accesses. A local attacker could use this flaw to cause a
denial-of-service.

Orabug: 26783820


* Deadlock when getting state in QLogic QED 25/40/100Gb core driver.

A logic error when getting state in the QLogic QED 25/40/100Gb core
driver could lead to a deadlock. A local attacker could use this flaw to
cause a denial-of-service.

Orabug: 26783820


* Memory leak when destroying data path channel for QLogic QED 25/40/100Gb Ethernet NIC.

A missing free when destroying a data path channel for the QLogic QED
25/40/100Gb Ethernet NIC could lead to a memory leak. A local attacker
could use this flaw to exhaust kernel memory and cause a
denial-of-service.

Orabug: 26783820


* Memory leak when unloading driver for Intel(R) Ethernet Controller XL710 Family.

A missing free when unloading the driver for the Intel(R) Ethernet
Controller XL710 Family could lead to a memory leak. A local attacker
could use this flaw to cause a denial-of-service.

Orabug: 26785018


* Denial-of-service when using iWarp functionality of Intel(R) Ethernet Controller XL710 driver.

Multiple logic errors when using the iWarp functionality of the Intel(R)
Ethernet Controller XL710 driver could lead to a kernel panic. A local
attacker could use this flaw to cause a denial-of-service.

Orabug: 26785018


* NULL pointer dereference in Intel(R) Ethernet Controller XL710 Family driver.

A missing check after a potential allocation failure in the Intel(R)
Ethernet Controller XL710 Family driver could lead to a NULL pointer
dereference. A local attacker could use this flaw to cause a
denial-of-service.

Orabug: 26785018


* NULL pointer dereference when allocating queues in Intel(R) XL710 X710 Virtual Function Ethernet driver.

A logic error when allocating queues in the Intel(R) XL710 X710 Virtual
Function Ethernet driver could lead to a NULL pointer dereference. A
local attacker could use this flaw to cause a denial-of-service.

Orabug: 26785018


* Deadlock when using Intel(R) Ethernet Controller XL710 Family driver.

A locking error when using the Intel(R) Ethernet Controller XL710 Family
driver could lead to a deadlock. A local attacker could use this flaw to
cause a denial-of-service.

Orabug: 26785018


* Out-of-bounds access when parsing data in Intel(R) Ethernet Controller XL710 Family driver.

A missing check when parsing data in the Intel(R) Ethernet Controller
XL710 Family driver could lead to an out-of-bounds access. A local
attacker could use this flaw to cause a denial-of-service.

Orabug: 26785018


* NULL pointer dereference when initializing Intel(R) 10GbE PCI Express adapters driver.

A logic error when initializing the Intel(R) 10GbE PCI Express adapters
driver could lead to a NULL pointer dereference. A local attacker could
use this flaw to cause a denial-of-service.

Orabug: 26785078


* CVE-2016-10318: Denial of service in filesystem encryption policy.

A logic error in filesystem encryption support can allow a user without
read access to a directory to still change the encryption policy, which
can deny access to legitimate users, causing a denial of service.

Orabug: 25883175


* Memory leak when removing Expander devices in LSI MPT Fusion SAS 3.0 & SAS 2.0 Device Driver.

A missing free when removing Expander devices in the LSI MPT Fusion SAS
3.0 & SAS 2.0 Device Driver could lead to a memory leak. A local
attacker could use this flaw to cause a denial-of-service.

Orabug: 26894858


* Out-of-bounds access when handling unwritten extent in EXT4 filesystem.

A missing check when handling an unwritten extent in the EXT4 filesystem
could lead to an out-of-bounds access. A local attacker could use this
flaw to cause a denial-of-service.

Orabug: 27093425


* Data corruption when trimming OCFS2 filesystem.

A bug in the implementation of the FITRIM ioctl in OCFS2 could result in
data corruption when trimming the filesystem. The resulting corruption
cannot be fixed using fsck.


* Off-by-one when looking for hole's offset in ext4 filesystem.

A boundary error when looking for a hole's offset in the ext4 filesystem
could lead to an off-by-one error and could prevent a user from
accessing valid data.

Orabug: 27233471

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.




