[El-errata] New Ksplice updates for OL 6, RHEL 6, CentOS 6, and Scientific Linux 6 (RHSA-2018:2164)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Tue Jul 17 13:09:31 PDT 2018


Synopsis: RHSA-2018:2164 can now be patched using Ksplice
CVEs: CVE-2018-10675 CVE-2018-10872 CVE-2018-3639 CVE-2018-3665 CVE-2018-8897

Systems running RHCK on Oracle Linux 6, Red Hat Enterprise Linux 6,
CentOS 6, and Scientific Linux 6 can now use Ksplice to patch against
the latest Red Hat Security Advisory, RHSA-2018:2164.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running OL 6, RHEL 6,
CentOS 6, and Scientific Linux 6 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* Improved AMD fix to CVE-2018-3639: Speculative Store Bypass information leak.

The original vendor fix for CVE-2018-3639 did not expose the mitigation
to KVM guests on AMD or correctly handle symmetric multithreading (SMT)
systems.

This update enables the speculative store bypass mitigation full time by
default on AMD systems to protect guests and SMT systems. The mitigation
can be manually enabled or disabled by writing 1 or 0 to
/proc/sys/vm/ksplice_ssbd_control.  The /proc/sys/vm/ksplice_ssbd_status
file reports the current mitigation status.


* CVE-2018-10675: Use-after-free in get_mempolicy due to incorrect reference counting.

A reference count error in the get_mempolicy ioctl implementation can
result in a use-after-free. A local user could use this flaw to
escalate privileges.


* CVE-2018-10872 (CVE-2018-8897): Denial-of-service in KVM breakpoint handling.

Incorrect stack management of data watchpoints and breakpoints could
allow an unprivileged user to crash the system.

OraBug: 27895351


* CVE-2018-3665: Information leak in floating point registers.

An information leak from floating point registers when lazy FPU context
switching was performed could allow a malicious local user to gain
access to sensitive information across process boundaries.
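
Added example, not part of Oracle's announcement: a shell audit of the two
host settings this advisory names, the autoinstall line in
/etc/uptrack/uptrack.conf and /proc/sys/vm/ksplice_ssbd_control. The function
names, the comment syntax accepted in the config file, and the assumption that
reading the control file returns the 1/0 last written are this example's own.

```shell
#!/bin/sh
# Added example (not Oracle's code): report the two host settings named in
# this advisory. Paths default to the advisory's; arguments override them.

# Echo the value of "autoinstall" in an uptrack.conf-style file:
# yes/no as written (lower-cased), "unset" if absent, "unreadable" if no file.
# Assumption: comment lines start with # or ; and the last assignment wins.
uptrack_autoinstall() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    [ -r "$conf" ] || { echo unreadable; return 0; }
    awk -F= '
        /^[ \t]*[#;]/ { next }
        NF >= 2 {
            key = $1; val = $2
            gsub(/[ \t\r]/, "", key); gsub(/[ \t\r]/, "", val)
            if (tolower(key) == "autoinstall") found = tolower(val)
        }
        END { print (found == "" ? "unset" : found) }
    ' "$conf"
}

# Echo the first line of the control file, or "absent" when the Ksplice
# update that provides it is not loaded.
# Assumption: reading the file returns the 1/0 value that was written.
ssbd_control() {
    ctl=${1:-/proc/sys/vm/ksplice_ssbd_control}
    [ -r "$ctl" ] || { echo absent; return 0; }
    head -n 1 "$ctl" | tr -d ' \t\r'
}

# Return 0 when no action is needed; otherwise print one finding per line.
audit_host() {
    rc=0
    auto=$(uptrack_autoinstall "$1")
    ctl=$(ssbd_control "$2")
    if [ "$auto" != yes ]; then
        echo "autoinstall=$auto: run /usr/sbin/uptrack-upgrade -y"
        rc=1
    fi
    case $ctl in
        1) ;;
        0) echo "ksplice_ssbd_control=0: mitigation manually disabled"; rc=1 ;;
        absent) echo "ksplice_ssbd_control absent: update not loaded or not applicable"; rc=1 ;;
        *) echo "ksplice_ssbd_control=$ctl: unexpected value"; rc=1 ;;
    esac
    return $rc
}
```

Source the file and call audit_host with no arguments to check the live
paths; /proc/sys/vm/ksplice_ssbd_status can then be read directly for the
kernel's own report.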

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.





