[El-errata] New Ksplice updates for UEKR3 3.8.13 on OL6 and OL7 (ELSA-2018-4040)
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Wed Feb 28 00:06:07 PST 2018
Synopsis: ELSA-2018-4040 can now be patched using Ksplice
CVEs: CVE-2017-14106 CVE-2017-16525 CVE-2017-16526 CVE-2017-16529 CVE-2017-16531 CVE-2017-16535 CVE-2017-7482 CVE-2017-8824 CVE-2017-9074
Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2018-4040.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running UEKR3 3.8.13 on
OL6 and OL7 install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
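The check described above, as an added example (not part of the original announcement or Oracle's tooling): a shell audit that reads the autoinstall setting and reports whether a manual uptrack-upgrade run is needed. It assumes INI-style "key = value" lines with '#' comments and case-insensitive matching; the function names and sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide whether Ksplice Uptrack installs updates on its own.
# Assumption: uptrack.conf uses INI-style "key = value" lines and '#' comments.

# autoinstall_value FILE -> prints the effective value (lowercased) or "unset";
# returns 2 when the file cannot be read.
autoinstall_value() {
    [ -r "$1" ] || return 2
    sed -e 's/#.*$//' "$1" |
    awk -F= '
        { key = $1; val = $2
          gsub(/[ \t\r]/, "", key); gsub(/[ \t\r]/, "", val) }
        tolower(key) == "autoinstall" { found = tolower(val) }
        END { if (found != "") print found; else print "unset" }'
}

# needs_manual_upgrade FILE -> exit 0 when an operator must run uptrack-upgrade.
# An unreadable or missing config is treated as "manual" so it is not overlooked.
needs_manual_upgrade() {
    v=$(autoinstall_value "$1") || return 0
    [ "$v" != "yes" ]
}

# report FILE -> one status line, suitable for collecting across a fleet.
report() {
    if needs_manual_upgrade "$1"; then
        echo "manual: run /usr/sbin/uptrack-upgrade -y"
    else
        echo "automatic: autoinstall = yes"
    fi
}

# Constructed sample (not from a real host): a commented-out "yes" that must
# not count, followed by the effective "no".
sample_conf() {
    printf '%s\n' '[Settings]' 'install_on_reboot = yes' \
        '# autoinstall = yes' 'autoinstall = no'
}

# With a path argument, audit that file; otherwise run on the constructed sample.
if [ -n "${1:-}" ]; then
    report "$1"
else
    t=$(mktemp) && sample_conf > "$t" && report "$t"
    rm -f "$t"
fi
```

On a real host, pass /etc/uptrack/uptrack.conf as the argument.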
DESCRIPTION
* CVE-2017-8824: Privilege escalation when calling connect() system call on a DCCP socket.
A missing free when calling the connect() system call on a DCCP socket
while it is in the DCCP_LISTEN state could lead to a use-after-free. A
local attacker could use this flaw to escalate privileges.
Orabug: 27290301
* CVE-2017-16535: Out-of-bounds memory access when reading USB descriptors.
A missing check when reading USB descriptors could lead to an
out-of-bounds access. A local attacker could use this flaw to cause a
denial-of-service.
Orabug: 27207983
* CVE-2017-16531: Out-of-bounds access in USB configuration parsing.
A failure to correctly validate a USB interface association description
can result in an out-of-bounds memory access.
Orabug: 27207240
* CVE-2017-16529: Out-of-bounds due to corrupted buffer parsing in USB audio.
A failure to validate buffer descriptors from a USB audio device can
result in an out-of-bounds memory access.
Orabug: 27206928
* CVE-2017-16526: Denial-of-service in failed launch of UWB daemon.
A failure to handle an error case when launching the UWB management
daemon can result in an invalid pointer dereference leading to a kernel
crash.
Orabug: 27206897
* CVE-2017-16525: Use-after-free in USB serial console setup failure.
A failure to handle an error case during USB serial console setup can lead to
a use-after-free.
Orabug: 27206837
* Data corruption when trimming OCFS2 filesystem.
A bug in the implementation of FITRIM ioctl in OCFS2 could result in
data corruption when trimming the filesystem. The resulting corruption
cannot be fixed using fsck.
Orabug: 27099835
* CVE-2017-7482: Memory corruption when decoding Kerberos 5 ticket.
A boundary condition error when decoding Kerberos 5 tickets using the
RXRPC keys leads to a local buffer overflow. This could lead to memory
corruption and possible privilege escalation.
Orabug: 26880517
* CVE-2017-14106: Divide-by-zero on TCP disconnect.
A missing initialization of the TCP Maximum Segment Size (MSS) to the
minimum authorized MSS value could lead to a division by zero on TCP
disconnect. A local user could use this flaw to cause a denial-of-service.
Orabug: 26813390
* CVE-2017-9074: Information leak via IPv6 fragment header.
The header size of an IPv6 fragment is not properly checked, potentially
allowing an attacker to read out-of-bounds memory when attempting to
parse it, leaking information.
Orabug: 26403972
* Denial-of-service when starting and stopping multiple KVM guests.
A race condition on guest timer handling when starting and stopping
multiple KVM guests could lead to a host deadlock. A local attacker
could use this flaw to cause a denial-of-service.
Orabug: 27065995
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.