[El-errata] New Ksplice updates for UEKR3 3.8.13 on OL6 and OL7 (ELSA-2017-3636)
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Mon Nov 6 01:27:47 PST 2017
Synopsis: ELSA-2017-3636 can now be patched using Ksplice
CVEs: CVE-2016-10044 CVE-2017-1000380 CVE-2017-100363 CVE-2017-10661
CVE-2017-14489 CVE-2017-2671 CVE-2017-8831 CVE-2017-9075 CVE-2017-9077
Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2017-3636.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running UEKR3 3.8.13 on
OL6 and OL7 install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
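The check below is an added example, not part of the original announcement or of Ksplice itself: it reads the autoinstall setting mentioned above and reports whether a host still needs the manual upgrade command. The function names are hypothetical, and it assumes uptrack.conf is INI-style and that only the value "yes" (case-insensitive) enables autoinstall.

```shell
#!/bin/sh
# Added example: decide whether a host still needs a manual Ksplice upgrade.
# Assumption: uptrack.conf is INI-style ("key = value" lines, "#" or ";"
# comments) and autoinstall is enabled only when its value is "yes".

# Print the effective autoinstall value ("yes" or "no"); last assignment wins.
# Prints "no" when the key or the file is missing or unreadable.
uptrack_autoinstall() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    [ -r "$conf" ] || { echo no; return 0; }
    awk -F= '
        /^[ \t]*[#;]/ { next }            # skip comment lines
        {
            key = $1; val = $2
            gsub(/[ \t\r]/, "", key)      # strip whitespace around the key
            gsub(/[ \t\r]/, "", val)      # and around the value
            if (tolower(key) == "autoinstall") found = tolower(val)
        }
        END { if (found == "yes") print "yes"; else print "no" }
    ' "$conf"
}

# Report what the administrator has to do on this host.
uptrack_action() {
    if [ "$(uptrack_autoinstall "$1")" = yes ]; then
        echo "autoinstall enabled: updates are applied automatically"
    else
        echo "autoinstall disabled: run /usr/sbin/uptrack-upgrade -y as root"
    fi
}

# Check the default configuration path, or the file given as first argument.
uptrack_action "${1:-/etc/uptrack/uptrack.conf}"
```

A commented-out "# autoinstall = yes" line does not count as enabled, which is the case most likely to be misread when checking the file by eye.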
DESCRIPTION
* CVE-2017-14489: NULL pointer dereference in the SCSI transport layer.
A logic error when checking the bounds to be read from a netlink socket in
the SCSI transport layer could lead to a NULL pointer dereference. A local
user could use this flaw to cause a denial-of-service.
* CVE-2017-10661: Data race when canceling timer file descriptors causes denial-of-service.
Missing serialization when canceling timer file descriptors could cause
the cancels to race, causing a data race or use-after-free, potentially
resulting in a kernel crash and denial-of-service.
* CVE-2017-9075: Denial-of-service in SCTPv6 sockets.
A use-after-free in the SCTPv6 sockets could allow a local, unprivileged
user to crash the kernel, causing a denial of service.
* CVE-2017-2671: Use-after-free in ping implementation.
A race condition in the kernel ping implementation can result in a
use-after-free. A local attacker with access to ping sockets could use
this flaw to cause a kernel crash or escalate privileges.
* CVE-2017-9077: Denial-of-service in TCPv6 sockets.
A use-after-free in the TCPv6 sockets could allow a local, unprivileged
user to crash the kernel, causing a denial of service.
* CVE-2017-100363: Denial-of-service in printer driver setup.
Missing validation on the "lp" module parameter could result in an
out-of-bounds access and integer overflow. A local, privileged user
could use this flaw to crash the kernel or defeat secure boot
protections.
* CVE-2017-1000380: Information leak when reading timer information from ALSA devices.
A missing data initialization and a race condition when reading timer
information of ALSA devices from user space could lead to an information
leak. A local attacker could use this flaw to get information about
the running kernel and facilitate an attack.
* CVE-2017-8831: Denial-of-service when using NXP SAA7164 video driver.
A missing check on user input when using NXP SAA7164 video driver could
lead to an out-of-bounds access. A local attacker could use this flaw to
cause a denial-of-service.
* CVE-2016-10044: Permission bypass when setting up an async io filesystem.
A missing limitation on execution access when setting up an async io
filesystem could allow a local attacker to bypass SELinux restrictions,
leading to a permission bypass.
* Denial-of-service when using PM1725 NVMe devices.
A logic error in hardware configuration of Samsung PM1725 NVMe devices
could lead to storage unavailability and potentially memory
corruption.
* splice() read failures with OCFS2 over NFS.
In some circumstances, a valid read may return EOF, causing user space
programs to be unable to access valid file data.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.