[El-errata] New Ksplice updates for RHCK 6 (ELSA-2018-1319)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Thu May 10 06:32:47 PDT 2018


Synopsis: ELSA-2018-1319 can now be patched using Ksplice
CVEs: CVE-2017-1000410 CVE-2017-13166 CVE-2017-18017 CVE-2017-7645 CVE-2017-8824 CVE-2018-8897

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2018-1319.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running RHCK 6 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
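
The check described above, as an added example that is not part of the
original announcement or Oracle's tooling: a shell helper that reads an
uptrack.conf and reports whether the updates will install automatically or
need the manual command. The function names and the sample file are
constructed for illustration, and the match is exact on the
"autoinstall = yes" spelling given above.

```shell
#!/bin/sh
# Added example (not Oracle code). Helper names are hypothetical.

# Return 0 if the config has an uncommented "autoinstall = yes".
# If the key appears more than once, the last uncommented value is used.
uptrack_autoinstall_enabled() {
    conf="${1:-/etc/uptrack/uptrack.conf}"
    [ -r "$conf" ] || return 1          # unreadable or missing: treat as off
    value=$(awk -F= '
        /^[ \t]*[#;]/ { next }          # skip commented-out lines
        {
            key = $1; gsub(/[ \t]/, "", key)
            if (key == "autoinstall") {
                val = $2; gsub(/[ \t\r]/, "", val)
                last = val
            }
        }
        END { print last }
    ' "$conf")
    [ "$value" = "yes" ]
}

# Print what an administrator has to do on this host.
uptrack_action() {
    if uptrack_autoinstall_enabled "$1"; then
        echo "automatic"
    else
        echo "manual: run /usr/sbin/uptrack-upgrade -y"
    fi
}

# Constructed sample: the "yes" line is commented out, so the live value is "no".
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Settings]
# autoinstall = yes
autoinstall = no
EOF
echo "sample config -> $(uptrack_action "$sample")"
rm -f "$sample"
```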


DESCRIPTION

* CVE-2018-8897: Denial-of-service in KVM breakpoint handling.

Incorrect stack management of data watchpoints and breakpoints could
allow an unprivileged user to crash the system.

OraBug: 27895351


* CVE-2017-1000410: Information leak in Bluetooth L2CAP messages.

Incorrect handling of short EFS elements in an L2CAP message could allow
an attacker to leak the contents of kernel memory.


* CVE-2017-18017: Use-after-free when using TCPMSS Netfilter.

A missing check in the netfilter TCP MSS code could lead to a
use-after-free condition.  A remote attacker could exploit this
to cause a denial of service.


* CVE-2017-8824: Privilege escalation when calling the disconnect() system call on a DCCP socket.

A missing free when calling the disconnect() system call on a DCCP socket
while it is in the DCCP_LISTEN state could lead to a use-after-free. A local
attacker could use this flaw to escalate privileges.


* CVE-2017-13166: Privilege escalation when using V4L2 ioctls.

Logic errors in multiple V4L2 ioctls could lead to execution of code at
arbitrary addresses defined by user space. A local attacker could use this
flaw to escalate privileges.


* CVE-2017-7645: Remote denial-of-service in NFSv2/NFSv3 server.

Due to missing input validation, long NFSv2/NFSv3 RPC requests could
cause a kernel crash. A malicious remote client could use this to
send a specially crafted message and cause a denial-of-service.


The Oracle Ksplice development team has determined that mitigations for
the Intel processor design flaws leading to vulnerability
CVE-2017-5754 cannot be applied using zero-downtime (Ksplice) patching. Oracle
therefore recommends that customers running a 32-bit kernel install the
required updates from their systems and hardware vendors as they become
available and reboot these machines upon applying these patches.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.



