[El-errata] New Ksplice updates for RHCK 7 (ELSA-2018-0151)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Thu Feb 1 09:50:21 PST 2018


Synopsis: ELSA-2018-0151 can now be patched using Ksplice
CVEs: CVE-2015-8539 CVE-2017-12192 CVE-2017-12193 CVE-2017-15649 CVE-2017-5715 CVE-2017-7472

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2018-0151.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running RHCK 7 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2017-7472: Denial-of-service when setting default request-key keyring.

A logic error when a user sets the default request-key keyring multiple
times could lead to a memory leak. A local attacker could use this flaw
to exhaust kernel memory and cause a kernel panic.


* CVE-2015-8539: Denial-of-service when updating a negatively instantiated user cryptographic key.

A missing check that the key was not negatively instantiated when updating
a user cryptographic key could trigger a BUG assertion. A local,
unprivileged user could use this flaw to cause a denial-of-service.


* CVE-2017-12193: Denial-of-service in generic associative array implementation.

A logic error when inserting a new entry into an associative array can
result in a NULL pointer dereference, leading to a kernel crash. A local
user could use this flaw to cause a denial-of-service.


* CVE-2017-12192: Denial-of-service when reading negative key.

An invalid memory access when reading a negative key from the kernel key
management facility results in a crash. An unprivileged local user can
exploit this to cause a denial-of-service.


* CVE-2017-15649: Use-after-free in AF_PACKET socket fanout.

A logic error when enabling fanout on a socket can result in the socket
being added to a list twice, which can lead to a use-after-free. A local
user could use this flaw to cause a denial-of-service or possibly
escalate privileges.


* Improved fix to CVE-2017-5715: Speculative execution branch target injection.

Under specific conditions, speculation restrictions could fail to be
applied on kernel entry, allowing a bypass of Spectre protections.
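
An added example (not part of the original announcement and not Oracle tooling) for auditing a host against the install instructions and the CVE list above: it reads the autoinstall setting from an uptrack.conf and reports which advisory CVEs a saved list of installed updates does not mention. The function names, the sample file contents and the update id are constructed; it assumes the saved list (for example, output of uptrack-show) names CVE ids in its update descriptions.

```shell
#!/bin/sh
# Added example, not Oracle's tooling. CVE list copied from the advisory.
ELSA_CVES="CVE-2015-8539 CVE-2017-12192 CVE-2017-12193 CVE-2017-15649 CVE-2017-5715 CVE-2017-7472"

# Return 0 only if the given uptrack.conf sets "autoinstall = yes".
# Comment lines are skipped, whitespace and case are ignored, the last
# assignment wins, and a missing or unreadable file counts as "not enabled".
autoinstall_enabled() {
    [ -r "$1" ] || return 1
    val=$(awk -F= '
        /^[ \t]*[#;]/ { next }
        { key = tolower($1); gsub(/[ \t]/, "", key) }
        key == "autoinstall" { v = tolower($2); gsub(/[ \t\r]/, "", v); last = v }
        END { print last }' "$1")
    [ "$val" = "yes" ]
}

# Print every advisory CVE that the given text file does not mention and
# return non-zero if any is missing. -w stops CVE-2017-5715 from matching a
# longer id such as CVE-2017-57150.
missing_cves() {
    rc=0
    for cve in $ELSA_CVES; do
        grep -qwF -- "$cve" "$1" || { echo "$cve"; rc=1; }
    done
    return $rc
}

# Demo on constructed input (the update id and file contents are made up).
demo() {
    d=$(mktemp -d)
    printf '[Settings]\n# autoinstall = yes\nautoinstall = no\n' > "$d/uptrack.conf"
    printf '[aaaaaaaa] CVE-2017-7472: Denial-of-service when setting default request-key keyring.\n' > "$d/show.txt"
    if autoinstall_enabled "$d/uptrack.conf"; then
        echo "autoinstall is on: updates are installed automatically"
    else
        echo "autoinstall is off: run /usr/sbin/uptrack-upgrade -y"
    fi
    echo "advisory CVEs not mentioned in the saved update list:"
    missing_cves "$d/show.txt" || true
    rm -rf "$d"
}
demo
```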

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.




