[El-errata] New Ksplice updates for UEKR3 3.8.13 on OL6 and OL7 (ELSA-2018-4134)
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Wed Jun 20 06:35:20 PDT 2018
Synopsis: ELSA-2018-4134 can now be patched using Ksplice
CVEs: CVE-2016-2384 CVE-2016-2543 CVE-2016-2544 CVE-2016-2545 CVE-2016-2547
CVE-2016-2548 CVE-2016-2549 CVE-2017-1000410 CVE-2017-17741 CVE-2018-10323
CVE-2018-3665
Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2018-4134.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running UEKR3 3.8.13 on
OL6 and OL7 install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
DESCRIPTION
* CVE-2016-2384: Privilege escalation in USB MIDI device driver.
The USB MIDI device driver does not correctly free memory when failing
to initialize an endpoint which can cause a use-after-free condition. A
local unprivileged user can use this flaw to trigger kernel code
execution.
Orabug: 28058229
* CVE-2016-2543: Denial-of-service in ALSA SNDRV_SEQ_IOCTL_REMOVE_EVENTS ioctl().
A missing NULL pointer check in the SNDRV_SEQ_IOCTL_REMOVE_EVENTS
ioctl() handler could result in a NULL pointer dereference and kernel
crash. A local user with access to an ALSA device could use this flaw
to crash the system.
Orabug: 28058229
* CVE-2016-2549: Denial-of-service in ALSA timer management.
Incorrect timer reprogramming in the ALSA subsystem could result in
deadlock. A local user with access to the device could use this flaw to
cause a denial-of-service.
Orabug: 28058229
* CVE-2017-1000410: Information leak in Bluetooth L2CAP messages.
Incorrect handling of short EFS elements in an L2CAP message could allow
an attacker to leak the contents of kernel memory.
Orabug: 28030520
* CVE-2018-10323: NULL pointer dereference when converting extents-format to
B+tree in XFS filesystem.
A logic error when converting extents-format to B+tree in XFS filesystem
could lead to a NULL pointer dereference. A local attacker could use
this flaw with a crafted XFS image to cause a denial-of-service.
Orabug: 27989498
* CVE-2016-2544, CVE-2016-2545, CVE-2016-2547, CVE-2016-2548: Use-after-free in
ALSA sequencer timers.
Multiple flaws could result in a use-after-free when adding and removing
timers in the ALSA sequencer. A local user with access to the device
could use this flaw to crash the system, or potentially escalate
privileges.
Orabug: 28058229
* CVE-2017-17741: Information leak in kvm_mmio tracepoint.
An out-of-bounds access in the kvm_mmio tracepoint could result in
disclosure of sensitive information from the host Kernel to a guest. A
malicious guest could use this flaw to facilitate a further attack on
the host Kernel.
Orabug: 27951287
* CVE-2018-3665: Information leak in floating point registers.
An information leak from floating point registers when lazy FPU context
switching was performed could allow a malicious local user to gain
access to sensitive information across process boundaries.
Orabug: 28156176
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.
More information about the El-errata
mailing list