[El-errata] New Ksplice updates for UEKR2 2.6.39 on OL5 and OL6 (ELSA-2018-4301)
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Mon Dec 10 12:09:41 PST 2018
Synopsis: ELSA-2018-4301 can now be patched using Ksplice
CVEs: CVE-2014-7970 CVE-2014-9728 CVE-2016-3713 CVE-2017-17805 CVE-2017-17806 CVE-2018-1000204 CVE-2018-18710 CVE-2018-7566 CVE-2018-7755
Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2018-4301.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running UEKR2 2.6.39 on
OL5 and OL6 install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
* CVE-2017-17806: Denial-of-service in HMAC algorithms.
Invalid algorithm combinations could result in buffer overflows or other
undefined behaviour when using a keyed hash algorithm. A local,
unprivileged user could use this flaw to crash the system, or
potentially, escalate privileges.
* CVE-2017-17805: Denial-of-service in SALSA20 block cipher.
Incorrect handling of zero length buffers could result in an invalid
pointer dereference and kernel crash. A local, unprivileged user could
use this flaw to crash the system, or potentially, escalate privileges.
* CVE-2018-7755: Information leak through floppy disk driver ioctl.
A logic error when using floppy disk driver ioctl could lead to a kernel
address leak. A local attacker could use this flaw to get address of
running kernel and facilitate an attack.
* CVE-2014-9728: Information link in UDF filesystem symlinks.
Missing validation of symlinks could allow a local attacker with a
maliciously crafted filesystem to leak the contents of kernel memory to
* CVE-2018-18710: Information leak when checking the CD-ROM slot status.
An incorrect bounds check in the CD-ROM driver could allow an out-of-bounds
access and kernel information leak to an unprivileged user.
* CVE-2016-3713: Privilege escalation in KVM MTRR emulation.
Incorrect validation of emulated MTRR MSRs can allow a guest VM to read
and write memory in the KVM host. This may allow a privileged guest to
gain code execution in the KVM host.
* CVE-2018-1000204: Kernel information leak when performing SG_IO ioctl.
A vulnerability in the SCSI subsystem allows copying uninitialized
kernel memory to userspace. This could provide an attacker with
sensitive kernel information.
* CVE-2018-7566: Denial-of-service when initializing ALSA sequence pool.
A race condition when initializing ALSA sequence pool leads to
use-after-free and out-of-bound memory access. An attacker can exploit
this to cause denial-of-service.
* CVE-2014-7970: Memory corruption when using pivot_root.
A flaw in the pivot_root syscall leads to a corruption of the mount tree
when calling with a directory outside a chroot. A local user could use this
flaw to cause a memory corruption and likely a denial-of-service.
Ksplice support is available at ksplice-support_ww at oracle.com.
More information about the El-errata