[El-errata] New Ksplice updates for UEKR3 3.8.13 on OL6 and OL7 (ELSA-2018-4134)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Wed Jun 20 06:35:20 PDT 2018

Synopsis: ELSA-2018-4134 can now be patched using Ksplice
CVEs: CVE-2016-2384 CVE-2016-2543 CVE-2016-2544 CVE-2016-2545 CVE-2016-2547
CVE-2016-2548 CVE-2016-2549 CVE-2017-1000410 CVE-2017-17741 CVE-2018-10323

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2018-4134.


We recommend that all users of Ksplice Uptrack running UEKR3 3.8.13 on
OL6 and OL7 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


* CVE-2016-2384: Privilege escalation in USB MIDI device driver.

The USB MIDI device driver does not correctly free memory when failing
to initialize an endpoint which can cause a use-after-free condition. A
local unprivileged user can use this flaw to trigger kernel code

Orabug: 28058229

* CVE-2016-2543: Denial-of-service in ALSA SNDRV_SEQ_IOCTL_REMOVE_EVENTS ioctl().

A missing NULL pointer check in the SNDRV_SEQ_IOCTL_REMOVE_EVENTS
ioctl() handler could result in a NULL pointer dereference and kernel
crash.  A local user with access to an ALSA device could use this flaw
to crash the system.

Orabug: 28058229

* CVE-2016-2549: Denial-of-service in ALSA timer management.

Incorrect timer reprogramming in the ALSA subsystem could result in
deadlock.  A local user with access to the device could use this flaw to
cause a denial-of-service.

Orabug: 28058229

* CVE-2017-1000410: Information leak in Bluetooth L2CAP messages.

Incorrect handling of short EFS elements in an L2CAP message could allow
an attacker to leak the contents of kernel memory.

Orabug: 28030520

* CVE-2018-10323: NULL pointer dereference when converting extents-format to
B+tree in XFS filesystem.

A logic error when converting extents-format to B+tree in XFS filesystem
could lead to a NULL pointer dereference. A local attacker could use
this flaw with a crafted XFS image to cause a denial-of-service.

Orabug: 27989498

* CVE-2016-2544, CVE-2016-2545, CVE-2016-2547, CVE-2016-2548: Use-after-free in
ALSA sequencer timers.

Multiple flaws could result in a use-after-free when adding and removing
timers in the ALSA sequencer.  A local user with access to the device
could use this flaw to crash the system, or potentially escalate

Orabug: 28058229

* CVE-2017-17741: Information leak in kvm_mmio tracepoint.

An out-of-bounds access in the kvm_mmio tracepoint could result in
disclosure of sensitive information from the host Kernel to a guest.  A
malicious guest could use this flaw to facilitate a further attack on
the host Kernel.

Orabug: 27951287

* CVE-2018-3665: Information leak in floating point registers.

An information leak from floating point registers when lazy FPU context
switching was performed could allow a malicious local user to gain
access to sensitive information across process boundaries.

Orabug: 28156176


Ksplice support is available at ksplice-support_ww at oracle.com.

More information about the El-errata mailing list