[El-errata] New Ksplice updates for UEKR4 4.1.12 on OL6 and OL7 (ELSA-2017-3514)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Wed Feb 8 07:35:02 PST 2017

Synopsis: ELSA-2017-3514 can now be patched using Ksplice
CVEs: CVE-2016-4482 CVE-2016-4485 CVE-2016-8630 CVE-2016-9083 CVE-2016-9576

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2017-3514.


We recommend that all users of Ksplice Uptrack running UEKR4 4.1.12 on
OL6 and OL7 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
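
To see which of the two cases above applies to a given host, the following shell sketch reads the autoinstall setting. It is an added example, not part of Oracle's announcement or of the Uptrack tooling. It assumes that only the literal value "yes" quoted above enables autoinstall, and the function names and the UPTRACK_CONF variable are hypothetical.

```shell
#!/bin/sh
# Added example (not Oracle code): report whether Ksplice Uptrack will
# install updates on its own, or whether uptrack-upgrade must be run by hand.
# Assumption: only the literal value "yes" (as quoted in the advisory)
# enables autoinstall; any other value, or a missing key, counts as "no".

# Print "yes" or "no" for the autoinstall setting in the given config file.
# Comment lines are skipped, case and whitespace are normalised, section
# headers are ignored, and the last assignment in the file wins.
uptrack_autoinstall() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    [ -r "$conf" ] || { echo no; return 0; }
    awk -F= '
        /^[ \t]*[#;]/ { next }                 # commented-out settings
        {
            key = tolower($1); gsub(/[ \t\r]/, "", key)
            if (key != "autoinstall") next
            val = tolower($2); gsub(/[ \t\r]/, "", val)
            result = (val == "yes") ? "yes" : "no"
        }
        END { print (result == "" ? "no" : result) }
    ' "$conf"
}

# Succeed (exit status 0) when the administrator has to act manually.
uptrack_needs_manual_upgrade() {
    if [ "$(uptrack_autoinstall "$1")" = "yes" ]; then
        return 1
    fi
    return 0
}

# UPTRACK_CONF is a hypothetical override so the check can be pointed at
# a copy of the file; the default is the path named in the advisory.
if uptrack_needs_manual_upgrade "${UPTRACK_CONF:-/etc/uptrack/uptrack.conf}"; then
    echo "autoinstall is not enabled: run /usr/sbin/uptrack-upgrade -y"
else
    echo "autoinstall = yes: these updates install automatically"
fi
```

A commented-out "# autoinstall = yes" line is reported as "no", so a host with that line still needs the manual command.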


* CVE-2016-4485: Information leak in LLC message processing.

The Logical Link Layer networking driver does not initialize memory when
processing ancillary data requests to an LLC socket, which leaks the
contents of kernel memory to userspace. A local user could use this flaw
to infer the layout of kernel memory.

* CVE-2016-4482: Information leak in USB devfs ioctl.

The USB devfs driver can leak the contents of the kernel stack to
userspace when performing a USBDEVFS_CONNECTINFO operation.

* Denial-of-service in cryptographic algorithm sockets.

Incorrect assumptions about sequencing of calls to hash algorithms could
result in a kernel crash with specific algorithms if accept() was called
on the socket before data was received.  A local, unprivileged user
could use this flaw to crash the system.

* CVE-2016-8630: NULL pointer dereference in KVM instruction decoding.

A missing check during instruction decoding operations could lead to a
NULL pointer dereference. An attacker from a Virtual Machine could
inject instructions with specific properties to cause a
denial-of-service of the host.

* CVE-2016-9576: Use-after-free in SCSI device interface.

Incorrect validation of sendfile arguments can cause a use-after-free in
the SCSI subsystem. A local user with access to /dev/sg* devices could
use this flaw to read kernel memory or escalate privileges.

* CVE-2016-9083: Integer overflow in PCI VFIO bus driver.

An error in sanitizing the user-supplied arguments of the
VFIO_DEVICE_SET_IRQS ioctl could lead to an integer overflow. A local
user with the capability to use this ioctl could cause a denial-of-service.

* Denial-of-service when processing packets in the Xen network backend driver.

A logic error in the Xen network backend's handling of errors while
processing packets with extra info fragments could result in an incorrect
number of responses being generated, potentially causing the guest network
frontend driver to crash while processing those responses.

* Deadlock when concurrently writing and reading the Xen bus control file.

A logic error could lead to a deadlock when writing and reading
concurrently to the Xen bus file, potentially causing a denial-of-service.


Ksplice support is available at ksplice-support_ww at oracle.com.

