[El-errata] Early update for local privilege escalation in HDLC (CVE-2017-2636)
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Thu Mar 9 00:46:49 PST 2017
Synopsis: Early update for local privilege escalation in HDLC CVE-2017-2636
We felt it was important to ship this update early, before distributions
had released kernels that fix the problem, because our audit showed that we
have a large number of customers vulnerable to this issue.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack install this update.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf, this
update will be installed automatically and you do not need to take any
action.
Alternatively, you can install this update by running:
# /usr/sbin/uptrack-upgrade -y
DESCRIPTION
* CVE-2017-2636: Privilege escalation in High Level Data Synchronous TTY line discipline.
A race condition when flushing the transmit queue concurrently with sending
frames in the HDLC TTY line discipline could lead to a double free. A
local, unprivileged user could use this flaw to elevate their privileges.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.