[El-errata] New Ksplice updates for RHCK 6 (RHSA-2017:1486-1)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Wed Jun 28 11:03:42 PDT 2017


Synopsis: RHSA-2017:1486-1 can now be patched using Ksplice
CVEs: CVE-2017-1000364

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Red Hat Compatible Kernel (RHCK) 6 update,
RHSA-2017:1486-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running RHCK 6 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2017-1000364: Increase stack guard size to 1 MiB.

Userspace programs compiled without stack probing can move the stack
pointer past the kernel's single guard page in one step, so the stack
can grow into an adjacent mapping such as the program's heap, and
either region can then corrupt the other. Depending on which program
is targeted (a setuid binary, for example), an attacker can gain
additional privileges.

This update provides a new sysctl variable which can be used to tune
the minimum gap, in bytes, that the kernel keeps between a program's
heap and stack. To change it at runtime, use e.g.:

    # set gap to 32 MiB
    echo 33554432 > /proc/sys/vm/heap_stack_gap

A value written this way does not survive a reboot; to keep it, add
the corresponding vm.heap_stack_gap key to /etc/sysctl.conf.

This update is a kernel mitigation for what is fundamentally a
userspace problem (programs that do not probe each page of a large
stack frame). As such, there is no guarantee that it will stop every
potential attack vector, but it will stop the ones that are currently
known and make this class of bug much harder to exploit in general.

The larger gap is enforced only when the stack grows; mappings that
were already placed closer to the stack than the new gap are not
moved. Running processes where the stack and heap are already very
close therefore need to be restarted for the change to take effect,
and it is recommended that long-running processes and network daemons
are restarted after applying this update.
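The following is an added example, not Ksplice or Oracle code, for deciding which running processes the restart advice above applies to. It parses the Linux /proc/<pid>/maps format ("lo-hi perms offset dev inode [path]", sorted ascending) to measure how far the main-thread [stack] mapping is from the mapping directly below it, and compares that with the sysctl the announcement names, /proc/sys/vm/heap_stack_gap, which is assumed to exist on the patched kernel and to hold a byte count. The sample maps text in the test is constructed.

```c
/* Added example: live stack-gap check for a process, from /proc/<pid>/maps.
 * Not part of the Ksplice announcement. Assumes Linux maps syntax and the
 * /proc/sys/vm/heap_stack_gap sysctl (bytes) named in the announcement. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <fcntl.h>
#include <unistd.h>

struct gap_report {
    unsigned long stack_lo;   /* low end of the [stack] mapping */
    unsigned long below_hi;   /* high end of the mapping directly below it (0 if none) */
    unsigned long heap_hi;    /* high end of [heap] seen before the stack, 0 if none */
    int below_is_heap;        /* 1 if the neighbour below the stack is [heap] itself */
};

/* Parse maps text and return the bytes between the stack's low end and the
 * nearest mapping below it, or 0 if no [stack] line was found. Only the
 * main-thread stack is labelled [stack]; thread stacks are plain mmaps and
 * are treated like any other mapping here. */
unsigned long gap_from_maps(const char *maps, struct gap_report *r)
{
    unsigned long prev_hi = 0;
    int prev_is_heap = 0;
    memset(r, 0, sizeof *r);
    for (const char *p = maps; *p; ) {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        char line[512];
        unsigned long lo, hi;
        if (len >= sizeof line) len = sizeof line - 1;
        memcpy(line, p, len);
        line[len] = '\0';
        p = nl ? nl + 1 : p + len;
        if (sscanf(line, "%lx-%lx", &lo, &hi) != 2)
            continue;                      /* not a mapping line */
        if (strstr(line, "[stack]")) {
            r->stack_lo = lo;
            r->below_hi = prev_hi;         /* maps are sorted, so the previous line is the neighbour */
            r->below_is_heap = prev_is_heap;
            return lo - prev_hi;
        }
        prev_is_heap = strstr(line, "[heap]") != NULL;
        if (prev_is_heap)
            r->heap_hi = hi;
        prev_hi = hi;
    }
    return 0;
}

/* 1 if the live gap is already smaller than the configured minimum, i.e. the
 * new gap cannot be applied to this process without a restart. */
int needs_restart(unsigned long live_gap, unsigned long configured_gap)
{
    return live_gap < configured_gap;
}

/* Read a whole /proc file; they report size 0, so read until EOF.
 * Returns bytes read or -1. Content beyond cap-1 bytes is dropped. */
static long slurp(const char *path, char *buf, size_t cap)
{
    int fd = open(path, O_RDONLY);
    size_t n = 0;
    if (fd < 0)
        return -1;
    for (;;) {
        ssize_t k = read(fd, buf + n, cap - 1 - n);
        if (k <= 0 || (n += (size_t)k) >= cap - 1)
            break;
    }
    close(fd);
    buf[n] = '\0';
    return (long)n;
}

int main(int argc, char **argv)
{
    static char maps[1 << 18], val[64];
    char path[64];
    struct gap_report r;
    unsigned long gap;

    snprintf(path, sizeof path, "/proc/%s/maps", argc > 1 ? argv[1] : "self");
    if (slurp(path, maps, sizeof maps) < 0) { perror(path); return 1; }
    gap = gap_from_maps(maps, &r);
    if (!r.stack_lo) { fprintf(stderr, "no [stack] mapping in %s\n", path); return 1; }
    printf("[stack] starts at 0x%lx; mapping below ends at 0x%lx%s\n",
           r.stack_lo, r.below_hi, r.below_is_heap ? " ([heap])" : "");
    printf("live gap: %lu bytes (%lu MiB)\n", gap, gap >> 20);
    /* Without the sysctl (unpatched kernel) only the live gap can be reported. */
    if (slurp("/proc/sys/vm/heap_stack_gap", val, sizeof val) > 0) {
        unsigned long configured = strtoul(val, NULL, 10);
        printf("configured gap: %lu bytes -> %s\n", configured,
               needs_restart(gap, configured) ? "RESTART this process" : "ok");
    }
    return 0;
}
```

Run it as `./stackgap <pid>` over the PIDs of long-running daemons (it needs permission to read the target's maps file). The check measures the distance to whatever mapping sits below the stack, not only [heap], because the kernel's guard gap protects the stack from growing into any neighbour; the report flags separately when that neighbour happens to be the brk heap.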

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.


More information about the El-errata mailing list