[El-errata] New Ksplice updates for UEKR4 4.1.12 on OL6 and OL7 (ELSA-2017-3635)
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Mon Nov 6 05:19:10 PST 2017
Synopsis: ELSA-2017-3635 can now be patched using Ksplice CVEs:
CVE-2017-10661 CVE-2017-12154 CVE-2017-14106 CVE-2017-14489 CVE-2017-7482
Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2017-3635.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running UEKR4 4.1.12 on
OL6 and OL7 install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
* Kernel hang in directory entry invalidation race.
A race condition when calling d_invalidate() could result in a kernel
hang and then panic due to watchdog timeout. A system under heavy I/O
load could become unresponsive and hang under specific conditions.
* CVE-2017-14106: Divide-by-zero on TCP disconnect.
A missing initialization of the TCP Maximum Segment Size (MSS) to the
minimum authorized MSS value could lead to a division by zero on TCP
disconnect. A local user could use this flaw to cause a denial-of-service.
* CVE-2017-7482: Memory corruption when decoding Kerberos 5 ticket.
A boundary condition error when decoding Kerberos 5 tickets using the
RXRPC keys leads to local buffer overflow. This could lead to memory
corruption and possible privilege escalation.
* CVE-2017-7618: Remote denial of service in asynchronous hash functions.
In certain cases, a remote attacker could trigger an edge condition in the
kernel's CRC and cryptographic hash function facilities. This could cause
the kernel to crash or lock up.
* CVE-2017-12154: Memory corruption when releasing resources of a virtual CPU in KVM.
A failure to ensure that the shadow VMCS were active on the running CPU
before releasing them could lead to memory corruptions. An attacker inside
a guest could potentially use this flaw to cause a denial-of-service of the
* CVE-2017-10661: Data race when canceling timer file descriptors causes denial-of-service.
Missing serialization when canceling timer file descriptors could cause
the cancels to race, causing a data race or use-after-free, potentially
resulting in a kernel crash and denial-of-service.
* CVE-2017-14489: NULL pointer dereference in the SCSI transport layer.
A logic error when checking the bounds to be read from a netlink socket in
the SCSI could lead to a NULL pointer dereference. A local user could use
this flaw to cause a denial-of-service.
Ksplice support is available at ksplice-support_ww at oracle.com.
More information about the El-errata