[El-errata] New Ksplice updates for UEKR4 4.1.12 on OL6 and OL7 (ELSA-2018-4062)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Thu Apr 12 00:10:57 PDT 2018 

Synopsis: ELSA-2018-4062 can now be patched using Ksplice
CVEs: CVE-2017-17052 CVE-2017-7518 CVE-2018-7492

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2018-4062.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR4 4.1.12 on
OL6 and OL7 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2017-17052: Denial-of-service due to incorrect reference counting in fork.

An incorrect decrement of a reference counter in an error path can
result in a NULL pointer dereference during a fork syscall. A local user
could use this flaw to cause a denial-of-service.

Orabug: 27290198


* Weakness when checking the keys in the XTS crypto algorithm.

The FIPS 140-2 IG 1.9 mandates that the key is different from the tweak
key, which was not enforced in the kernel implementation, potentially
weakening its use.

Orabug: 26182706


* CVE-2018-7492: Denial-of-service when setting options for RDS over Infiniband socket.

A missing check when setting RDS_GET_MR option for RDS over Infiniband
socket could lead to a NULL pointer dereference. A local attacker could
use this flaw to cause a denial-of-service.

Orabug: 27477007


* CVE-2017-7518: Privilege escalation in KVM emulation subsystem.

An implementation error in the syscall instruction emulation in KVM
leads to a kernel exception raised in userspace. A user/process inside
guest could use this flaw to potentially escalate their privileges
inside guest.

Orabug: 27669907


* Information leak when setting crypto key using RNG algorithm.

A missing zeroing of freed memory could lead to the leak of the RNG key
used to encrypt data. A local attacker could use this flaw to decrypt
sensitive data.

Orabug: 26182706


* Deadlock while queuing messages before remote node is up using RDS protocol.

A logic error when queuing messages before remote RDS node is up could
lead to a deadlock. A local attacker could use this flaw to cause a
denial-of-service in user-space.

Orabug: 27606909


* NULL pointer dereference when using bind system call on RDS over Infiniband socket.

A logic error when using bind system call on RDS over Infiniband
instance could lead to a NULL pointer dereference. A local attacker
could use this flaw to cause a denial-of-service.

Orabug: 27636704

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.

More information about the El-errata mailing list