[El-errata] New Ksplice updates for UEKR4 4.1.12 on OL6 and OL7 (ELSA-2018-4011)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Tue Jan 16 09:24:10 PST 2018

Synopsis: ELSA-2018-4011 can now be patched using Ksplice
CVEs: CVE-2017-5715

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2018-4011.


We recommend that all users of Ksplice Uptrack running UEKR4 4.1.12 on
OL6 and OL7 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
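
As an added example (not part of Oracle's announcement or of the Ksplice tooling), the shell functions below check whether a given uptrack.conf enables autoinstall, which tells you which hosts still need the manual upgrade command. They assume plain `key = value` lines with `#` or `;` comments and count only a literal `yes` as enabled; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: decide whether a host relies on manual Ksplice upgrades.
# Assumptions: "key = value" lines, "#"/";" start a comment, section headers
# are ignored, the last assignment wins, and only a literal "yes" enables it.

# Print the autoinstall state found in config file $1:
# "yes", "no", "unset" (key absent) or "unreadable" (file missing).
uptrack_autoinstall_value() {
    conf=$1
    [ -r "$conf" ] || { echo "unreadable"; return 0; }
    val=$(sed -e 's/[#;].*$//' "$conf" |
        awk -F= 'tolower($1) ~ /^[ \t]*autoinstall[ \t]*$/ {
                     v = $2; gsub(/[ \t\r]/, "", v); last = v }
                 END { print last }')
    case "$val" in
        yes) echo "yes" ;;
        "")  echo "unset" ;;
        *)   echo "no" ;;
    esac
}

# Return 0 when updates will not install on their own, 1 when they will.
needs_manual_upgrade() {
    [ "$(uptrack_autoinstall_value "$1")" != "yes" ]
}

# Constructed sample config, not taken from a real host.
sample=$(mktemp)
printf '%s\n' '[Settings]' '# autoinstall = yes' 'autoinstall = no' > "$sample"
if needs_manual_upgrade "$sample"; then
    echo "autoinstall is off: run /usr/sbin/uptrack-upgrade -y as root"
fi
rm -f "$sample"
```

On a real system, pass /etc/uptrack/uptrack.conf as the argument.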


* CVE-2017-5715: Spectre bypass in Intel VMX KVM guest exit.

A logic error when handling a guest exit could fail to restrict
speculative execution, potentially allowing a malicious guest to leak
information from the host kernel.

Orabug: 27369994

* CVE-2017-5715: Spectre bypass in 32-bit system calls.

Incorrect setting of restricted speculation for 32-bit system calls
could allow a malicious 32-bit application to bypass Spectre
protections, leaking the contents of system memory.

Orabug: 27339995

* Use-after-free in ptrace access checks.

Incorrect RCU locking could result in a use-after-free when checking
permissions for ptrace related accesses.  A local, unprivileged user
could use this flaw to crash the system.

Orabug: 27339995

* Incorrect ibrs_enabled+ibpb_enabled reporting.

A logic error when returning the ibrs_enabled/ibpb_enabled sysctl values
could incorrectly report that the protections were enabled despite
being disabled on the kernel command line.

Orabug: 27363792


Ksplice support is available at ksplice-support_ww at oracle.com.
