[El-errata] New Ksplice updates for UEKR4 4.1.12 on OL6 and OL7 (ELSA-2017-3635)

Mon Nov 6 05:19:10 PST 2017

Synopsis: ELSA-2017-3635 can now be patched using Ksplice
CVEs: CVE-2017-10661 CVE-2017-12154 CVE-2017-14106 CVE-2017-14489 CVE-2017-7482

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2017-3635.


We recommend that all users of Ksplice Uptrack running UEKR4 4.1.12 on
OL6 and OL7 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


* Kernel hang in directory entry invalidation race.

A race condition when calling d_invalidate() could result in a kernel
hang and then panic due to watchdog timeout.  A system under heavy I/O
load could become unresponsive and hang under specific conditions.

* CVE-2017-14106: Divide-by-zero on TCP disconnect.

A missing initialization of the TCP Maximum Segment Size (MSS) to the
minimum authorized MSS value could lead to a division by zero on TCP
disconnect.  A local user could use this flaw to cause a denial-of-service.

* CVE-2017-7482: Memory corruption when decoding Kerberos 5 ticket.

A boundary condition error when decoding Kerberos 5 tickets using the
RXRPC keys leads to a local buffer overflow. This could lead to memory
corruption and possible privilege escalation.

* CVE-2017-7618: Remote denial of service in asynchronous hash functions.

In certain cases, a remote attacker could trigger an edge condition in the
kernel's CRC and cryptographic hash function facilities. This could cause
the kernel to crash or lock up.

* CVE-2017-12154: Memory corruption when releasing resources of a virtual CPU in KVM.

A failure to ensure that the shadow VMCS were active on the running CPU
before releasing them could lead to memory corruption. An attacker inside
a guest could potentially use this flaw to cause a denial-of-service of the

* CVE-2017-10661: Data race when canceling timer file descriptors causes denial-of-service.

Missing serialization when canceling timer file descriptors could cause
the cancels to race, causing a data race or use-after-free, potentially
resulting in a kernel crash and denial-of-service.

* CVE-2017-14489: NULL pointer dereference in the SCSI transport layer.

A logic error when checking the bounds to be read from a netlink socket in
the SCSI transport layer could lead to a NULL pointer dereference.  A local
user could use this flaw to cause a denial-of-service.


