[El-errata] New Ksplice updates for UEKR4 4.1.12 on OL6 and OL7 (ELSA-2018-4200)
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Tue Aug 21 06:10:09 PDT 2018
Synopsis: ELSA-2018-4200 can now be patched using Ksplice
CVEs: CVE-2018-1000004 CVE-2018-7566
Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2018-4200.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running UEKR4 4.1.12 on
OL6 and OL7 install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
* CVE-2018-1000004: Use-after-free when using MIDI sequencer ioctl.
A race condition when using MIDI sequencer ioctl could lead to a
use-after-free. A local attacker could use this flaw to cause a
* CVE-2018-7566: Denial-of-service when initializing ALSA sequence pool.
A race condition when initializing ALSA sequence pool leads to
use-after-free and out-of-bound memory access. An attacker can exploit
this to cause denial-of-service.
* Use-after-free in Oracle ASM integrity unmapping.
When an old Oracle ASMLIB was used that did not contain integrity
support, ownership of an I/O structure could be incorrectly unmapped by
the Oracle ASM driver resulting in a subsequent invalid memory
dereference and kernel crash.
* Missing error detection in Oracle ASM I/O completion.
Missing handling of some I/O layer error codes could result in failing
to correctly handle all error conditions.
* Memory leak in Oracle ASM driver during integrity unmap.
Incomplete vector walking when unmapping a vector could result in a
memory leak and eventual resource exhaustion.
* Memory corruption in Oracle ASM transfers.
Incorrect handling of flags could result in confusion between remapping
and integrity check disable. This could result in incorrect integrity
checks and invalid memory accesses.
* Use-after-free in Oracle ASM request timer.
A use-after-free could result in an invalid memory dereference and
kernel crash when finishing an Oracle ASM block transfer.
* IO hang in LSI MegaRAID adapter reset.
Incorrect handling of message signalled interrupts could result in
failure to complete the adapter result and an I/O hang on some
Ksplice support is available at ksplice-support_ww at oracle.com.
More information about the El-errata