[El-errata] New Ksplice updates for UEKR4 4.1.12 on OL6 and OL7 (ELSA-2018-4108)
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Thu May 17 21:34:25 PDT 2018
Synopsis: ELSA-2018-4108 can now be patched using Ksplice
CVEs: CVE-2017-15129 CVE-2017-15299 CVE-2017-16994 CVE-2017-17448 CVE-2017-17449 CVE-2017-17741 CVE-2017-7294 CVE-2018-5332
Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2018-4108.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running UEKR4 4.1.12 on
OL6 and OL7 install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
* CVE-2017-15129: Use-after-free in network namespace when getting namespace ids.
A race condition in the net namespace code could lead to a double
free and memory corruption. A local attacker could use this flaw to
cause a denial-of-service.
* CVE-2018-5332: Out-of-bounds write when sending messages through Reliable Datagram Sockets.
A missing check when sending messages through Reliable Datagram Sockets
could lead to an out-of-bounds write in the heap. A local attacker could
use this flaw to cause a denial-of-service.
* CVE-2017-7294: Denial-of-service when creating surface using DRM driver for VMware Virtual GPU.
A missing parameter check when using "surface define" ioctl of DRM
driver for VMware Virtual GPU could lead to a NULL pointer dereference.
A local attacker could use this flaw to cause a denial-of-service.
* CVE-2017-15299: Denial-of-service in uninstantiated key configuration.
A failure to check whether or not a key is instantiated before
performing operations on it can result in a NULL pointer dereference,
leading to a kernel crash. A local user could use this flaw to cause a
* CVE-2017-16994: Information leak when using mincore system call.
A logic error with huge TLBs when using mincore system call could lead
to an information leak. A local attacker could use this flaw to leak
information about running kernel and facilitate an attack.
* CVE-2017-17449: Missing permission check in netlink monitoring.
Netlink monitoring is not correctly restricted to the local namespace.
Nlmon can currently be used to sniff packets on the entire system.
* CVE-2017-17448: Unprivileged access to netlink namespace creation.
net/netfilter/nfnetlink_cthelper.c in the Linux kernel through 4.14.4
does not require the CAP_NET_ADMIN capability for new, get, and del
operations, which allows local users to bypass intended access
restrictions because the nfnl_cthelper_list data structure is shared
across all net namespaces.
* NULL pointer dereference when rebuilding caches in Reliable Datagram Sockets protocol.
A logic error when rebuilding caches in Reliable Datagram Sockets
protocol could lead to a NULL pointer dereference. A local
attacker could use this flaw to cause a denial-of-service.
* CVE-2017-17741: Denial-of-service in kvm_mmio tracepoint.
An out-of-bounds access in the kvm_mmio tracepoint could result in a
kernel crash. A malicious guest could use this flaw to crash the
* Denial-of-service of KVM L1 nested hypervisor when exiting L2 guest.
A logic error when setting back CR4 register in KVM L1 nested hypervisor
when exiting L2 guest could lead to a kernel panic. A local attacker
could use this flaw to cause a denial-of-service.
* Improved CPU feature detection on microcode updates.
Incorrect handling of new CPU features introduced with a microcode
update could fail to be detected by the system or propagated to guest
Ksplice support is available at ksplice-support_ww at oracle.com.
More information about the El-errata