[El-errata] New Ksplice updates for UEKR2 2.6.39 on OL5 and OL6 (ELSA-2017-3516)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Mon Feb 13 08:57:18 PST 2017 

Synopsis: ELSA-2017-3516 can now be patched using Ksplice
CVEs: CVE-2015-1420 CVE-2016-4482 CVE-2016-4485 CVE-2016-8646

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2017-3516.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR2 2.6.39 on
OL5 and OL6 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2016-4485: Information leak in LLC message processing.

The Logical Link Layer networking driver does not initialize memory when
processing ancillary data requests to an LLC socket which leaks the
contents of kernel memory to userspace. A local user could use this flaw to
infer the layout of kernel memory.


* CVE-2016-4482: Information leak in USB devfs ioctl.

The USB devfs driver can leak the contents on the kernel stack to
userspace when performing a USBDEVFS_CONNECTINFO operation.


* CVE-2016-8646: Denial-of-service in cryptographic algorithm sockets.

Incorrect assumptions about sequencing of calls to hash algorithms could
result in a kernel crash with specific algorithms if accept() was called
on the socket before data was received.  A local, unprivileged user
could use this flaw to crash the system.


* CVE-2015-1420: Buffer overflow in name_to_handle_at() system call.

Due to a race condition in the name_to_handle_at() system call, it is
possible for userspace to change the length of the buffer read by the
kernel after it has been allocated. This could lead to a buffer
overflow. A local user with CAP_DAC_READ_SEARCH privileges could
potentially use this to cause denial of service or possibly escalate
their privileges.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.

More information about the El-errata mailing list