[El-errata] New Ksplice updates for UEKR4 4.1.12 on OL6 and OL7 (ELSA-2017-3565)
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Sun May 21 02:15:09 PDT 2017
Synopsis: ELSA-2017-3565 can now be patched using Ksplice
CVEs: CVE-2016-10229 CVE-2017-7895
Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2017-3565.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running UEKR4 4.1.12 on
OL6 and OL7 install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
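The following is an added example, not part of Oracle's announcement: a shell check that reads an uptrack.conf-style file and reports whether the host will install these updates automatically or needs the manual command above. It assumes `key = value` lines with `#` comments, lets the last assignment win, and treats only the literal value `yes` as enabling autoinstall; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report whether a host installs Ksplice updates on its own.

# Print the effective "autoinstall" value from an uptrack.conf-style file.
# Assumptions: "key = value" lines, '#' starts a comment, last assignment wins.
# Output: the value, "unset" if the key is absent or empty, "unknown" if the
# file cannot be read.
uptrack_autoinstall() {
    conf="$1"
    [ -r "$conf" ] || { echo "unknown"; return 0; }
    awk '
        { sub(/#.*/, "") }                   # drop comments, incl. commented-out keys
        /^[ \t]*autoinstall[ \t]*=/ {
            v = $0
            sub(/^[^=]*=[ \t]*/, "", v)      # strip the key and "="
            sub(/[ \t\r]+$/, "", v)          # strip trailing whitespace / CR
            val = v
        }
        END { print (val == "" ? "unset" : val) }
    ' "$conf"
}

# Map the setting to the action the advisory describes.
uptrack_action() {
    case "$(uptrack_autoinstall "$1")" in
        yes)     echo "automatic" ;;
        unknown) echo "cannot-read-config" ;;
        *)       echo "manual: run /usr/sbin/uptrack-upgrade -y" ;;
    esac
}

# Check the real configuration only when asked to.
if [ "${1:-}" = "--check-host" ]; then
    uptrack_action /etc/uptrack/uptrack.conf
fi
```

Run with `--check-host` on each system; any result other than `automatic` means the update has to be applied by hand or by your own tooling.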
DESCRIPTION
* CVE-2017-7895: Remote information leak in kernel NFS server.
Missing bounds checks could result in an out-of-bounds memory access,
allowing a remote attacker to leak the contents of kernel memory.
* NULL pointer dereference in iSCSI target communication.
Incorrect locking could result in a NULL pointer dereference and kernel
crash when sending and receiving messages to and from an iSCSI device.
* CVE-2016-10229: Remote code execution when receiving UDP packet with short buffers.
Incorrect handling of checksums for short receive buffers could result
in applications failing to receive data from a UDP socket. A remote
attacker could use this flaw to execute arbitrary code.
* Denial-of-service in BTRFS reflinked file removal.
Removing a reflinked file on a BTRFS filesystem could result in
triggering a kernel assertion under specific conditions. A local,
unprivileged user could use this flaw to crash the system.
* NULL pointer dereference in Hyper-V key/value store.
A missing NULL pointer check could result in a NULL pointer dereference
and kernel crash when accessing the Hyper-V key/value store.
* NULL pointer dereference in IPv6 DTRACE probe.
A missing NULL pointer check could result in a NULL pointer dereference
and kernel crash when tracing the __ip6_append_data() function.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.