[El-errata] New Ksplice updates for UEKR2 2.6.39 on OL5 and OL6 (ELSA-2017-3637)
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Tue Nov 7 01:32:06 PST 2017
Synopsis: ELSA-2017-3637 can now be patched using Ksplice
CVEs: CVE-2016-10044 CVE-2017-1000380 CVE-2017-100363 CVE-2017-10661
CVE-2017-14489 CVE-2017-7308 CVE-2017-8831 CVE-2017-9074 CVE-2017-9075 CVE-2017-9077
Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2017-3637.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running UEKR2 2.6.39 on
OL5 and OL6 install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
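To tell which of the two cases above applies to a host, the following added example (not part of the original announcement and not Oracle's code) reads the "autoinstall" setting from uptrack.conf. It assumes an INI-style file with '#' or ';' comment lines and treats only the value "yes", in any letter case, as enabled. The function names are hypothetical.

```shell
# Added example: decide whether a host still needs a manual
# "/usr/sbin/uptrack-upgrade -y" run, based on uptrack.conf.
# Assumptions: INI-style file, '#'/';' comments, last assignment wins.

# Prints "yes" or "no". A missing file or missing key counts as "no", so
# the host is flagged for manual patching rather than silently skipped.
uptrack_autoinstall() {
    conf="${1:-/etc/uptrack/uptrack.conf}"
    [ -r "$conf" ] || { echo no; return 0; }
    awk '
        /^[ \t]*[#;]/ { next }                 # skip comment lines
        {
            line = $0
            sub(/[ \t]+$/, "", line)           # trim trailing blanks
            n = index(line, "=")
            if (n == 0) next                   # section header or junk
            key = substr(line, 1, n - 1)
            val = substr(line, n + 1)
            gsub(/[ \t]/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (tolower(key) == "autoinstall") last = tolower(val)
        }
        END { if (last == "yes") print "yes"; else print "no" }
    ' "$conf"
}

# Exit status 0 when the admin must run uptrack-upgrade by hand,
# 1 when autoinstall is enabled and no action is needed.
uptrack_needs_manual_upgrade() {
    if [ "$(uptrack_autoinstall "$1")" = "yes" ]; then
        return 1
    fi
    return 0
}

# Constructed sample config (not from a real host) to show the result:
# the commented-out "yes" is ignored and the live "no" is reported.
sample=$(mktemp)
printf '[Settings]\n# autoinstall = yes\nautoinstall = no\n' > "$sample"
uptrack_needs_manual_upgrade "$sample" && echo "run: /usr/sbin/uptrack-upgrade -y"
rm -f "$sample"
```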
DESCRIPTION
* CVE-2017-14489: NULL pointer dereference in the SCSI transport layer.
A logic error when checking the bounds to be read from a netlink socket in
the SCSI transport layer could lead to a NULL pointer dereference. A local
user could use this flaw to cause a denial-of-service.
* CVE-2017-10661: Data race when canceling timer file descriptors causes
denial-of-service.
Missing serialization when canceling timer file descriptors could cause
the cancels to race, causing a data race or use-after-free, potentially
resulting in a kernel crash and denial-of-service.
* CVE-2017-9075: Denial-of-service in SCTPv6 sockets.
A use-after-free in the SCTPv6 sockets could allow a local, unprivileged
user to crash the kernel, causing a denial of service.
* CVE-2017-9077: Denial-of-service in TCPv6 sockets.
A use-after-free in the TCPv6 sockets could allow a local, unprivileged
user to crash the kernel, causing a denial of service.
* CVE-2017-9074: Information leak via IPv6 fragment header.
The header size of an IPv6 fragment is not properly checked, potentially
allowing an attacker to read out-of-bounds memory when attempting to
parse it, leaking information.
* CVE-2017-1000380: Information leak when reading timer information from ALSA
devices.
A missing data initialization and a race condition when reading timer
information of ALSA devices from user space could lead to an information
leak. A local attacker could use this flaw to get information about the
running kernel and facilitate an attack.
* CVE-2017-100363: Denial-of-service in printer driver setup.
Missing validation on the "lp" module parameter could result in an
out-of-bounds access and integer overflow. A local, privileged user
could use this flaw to crash the kernel or defeat secure boot
protections.
* CVE-2017-7308: Memory corruption in AF_PACKET socket options.
Multiple integer overflows in the AF_PACKET setsockopt implementation can
trigger kernel memory corruption. A local user could use this flaw to elevate
privileges.
* CVE-2016-10044: Permission bypass when setting up an async io filesystem.
A missing limitation on execution access when setting up an async io
filesystem could allow a local attacker to bypass SELinux restrictions,
leading to a permission bypass.
* CVE-2017-9074: Denial-of-service when using Generic Segmentation Offload on
an IPv6 socket.
A missing check when using Generic Segmentation Offload on an IPv6 socket
could lead to a memory leak. A local attacker could use this flaw to cause
a denial-of-service.
* CVE-2017-8831: Denial-of-service when using the NXP SAA7164 video driver.
A missing check on user input when using the NXP SAA7164 video driver could
lead to an out-of-bounds access. A local attacker could use this flaw to
cause a denial-of-service.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.