[El-errata] New Ksplice updates for UEKR4 4.1.12 on OL6 and OL7 (ELSA-2018-4025)
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Tue Feb 13 00:22:46 PST 2018
Synopsis: ELSA-2018-4025 can now be patched using Ksplice
CVEs: CVE-2017-0861 CVE-2017-12193 CVE-2017-14140 CVE-2017-15115 CVE-2017-17712 CVE-2017-5715 CVE-2017-8824
Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2018-4025.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running UEKR4 4.1.12 on
OL6 and OL7 install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
* Additional indirect branch speculation improvements for CVE-2017-5715.
The original fix for CVE-2017-5715 did not cover all kernel entry paths
allowing a local user to carry out Spectre attacks in very specific
conditions. Orabug: 27449045
* CVE-2017-17712: Information leak in raw IPV4 socket sendmsg().
A race condition in the raw_sendmsg() call for IPV4 raw sockets could
allow a local user to leak the contents of kernel memory.
* CVE-2017-15115: Use-after-free in SCTP peel off operation inside network namespace.
A logic error when performing an SCTP peel off operation from a network
namespace can result in an incorrect free, leading to a subsequent
use-after-free. A local user could use this flaw to cause a
denial-of-service, or potentially escalate privileges.
* CVE-2017-14140: ASLR bypass due to insufficient permissions checks in move_pages.
A failure to correctly check permissions when using the move_pages
system call can allow an attacker to map out the address space of a
process which shares the same uid. A local user could use this flaw to
facilitate a further attack.
* CVE-2017-12193: Denial-of-service in generic associative array implementation.
A logic error when inserting a new entry into an associative array can
result in a NULL pointer dereference, leading to a Kernel crash. A local
user could use this flaw to cause a denial-of-service.
* CVE-2017-0861: Use-after-free in ALSA sound subsystem.
A race condition when closing an ALSA device descriptor could cause a
use-after-free, potentially allowing an attacker to write to protected
memory and cause a privilege escalation.
* CVE-2017-8824: Privileges escalation when calling connect() system call on a DCCP socket.
A missing free when calling connect() system call on a DCCP socket while it is
in DCCP_LISTEN state could lead to a use-after-free. A local attacker
could use this flaw to escalate privileges.
* Denial-of-service in Huge TLB mappings during process exit.
Incorrect reference counting on shared page tables could result in
triggering a kernel assertion and crash when exiting a process. A local,
unprivileged user could use this flaw to crash the system.
* Secure-boot protections bypass in /dev/mem mmap().
Missing securelevel checks in the /dev/mem driver could allow a user to
access system memory via an mmap() call, defeating secure-boot
* Kernel crash in Broadcom NetXtreme-C/E firmware responses.
Incorrect locking when reading parameters from a firmware response could
result in memory corruption and a kernel crash.
Ksplice support is available at ksplice-support_ww at oracle.com.
More information about the El-errata