[El-errata] [ksplice-support_ww at oracle.com: New Ksplice updates for UEKR5 4.14.35 on OL7 (ELSA-2018-4242)]
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Mon Oct 15 03:50:16 PDT 2018
Synopsis: ELSA-2018-4242 can now be patched using Ksplice
CVEs: CVE-2018-12896 CVE-2018-14678 CVE-2018-16658 CVE-2018-3620 CVE-2018-3646 CVE-2018-7492
Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2018-4242.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running UEKR5 4.14.35
on OL7 install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
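The autoinstall check described above can be scripted for a fleet audit. This is an added example, not Oracle's or Ksplice's code, and it runs against constructed sample files rather than a real /etc/uptrack/uptrack.conf. It assumes INI-style "key = value" lines, case-insensitive matching, and that anything other than "yes" means a manual run is needed.

```shell
#!/bin/sh
# Added example (not Oracle's code). Assumes uptrack.conf holds INI-style
# "key = value" lines and that lines starting with '#' or ';' are comments.

# Print the last value assigned to "autoinstall" in FILE, lowercased.
autoinstall_value() {
    awk -F= '
        /^[ \t]*[#;]/ { next }                    # skip comment lines
        NF >= 2 {
            key = $1; val = $2
            gsub(/[ \t\r]/, "", key)
            gsub(/[ \t\r]/, "", val)
            if (tolower(key) == "autoinstall") last = tolower(val)
        }
        END { if (last != "") print last }
    ' "$1"
}

# Exit status 0 when the host needs a manual uptrack-upgrade run:
# config missing/unreadable, key absent, or any value other than "yes".
needs_manual_upgrade() {
    [ -r "$1" ] || return 0
    if [ "$(autoinstall_value "$1")" = "yes" ]; then return 1; fi
    return 0
}

# Human-readable verdict for one config file.
report() {
    if needs_manual_upgrade "$1"; then
        echo "$1: autoinstall not enabled; run: /usr/sbin/uptrack-upgrade -y"
    else
        echo "$1: autoinstall = yes; updates install automatically"
    fi
}

# Constructed sample configs (not taken from a real host).
SAMPLE_DIR=$(mktemp -d)
printf '[Settings]\n# autoinstall = yes\nautoinstall = no\n' > "$SAMPLE_DIR/manual.conf"
printf '[Settings]\nAutoinstall=YES\n' > "$SAMPLE_DIR/auto.conf"

report "$SAMPLE_DIR/manual.conf"
report "$SAMPLE_DIR/auto.conf"
report "$SAMPLE_DIR/missing.conf"
```

On a real host, call report with /etc/uptrack/uptrack.conf. A commented-out "autoinstall = yes" line is deliberately treated as not enabled.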
* Incorrect Meltdown vulnerability reporting on Xen paravirtualized guests.
Xen paravirtualized guests get their Meltdown protection from the
hypervisor but this was not reflected correctly in the
* CVE-2018-12896: Denial-of-service via POSIX timer overflow.
The POSIX timer overrun value can potentially overflow an integer value
if the timer has a sufficiently long interval and expiry time. A
malicious user could create such a timer to cause a denial-of-service.
* Improved fix to CVE-2018-3620, CVE-2018-3646: Information leak in Intel CPUs under terminal fault.
The original fix for L1 Terminal Fault/Foreshadow could prevent loading
of microcode when hyperthreading was disabled, or cause mprotect to fail
on specific memory mappings.
* CVE-2018-14678: Privilege escalation in Xen PV guests.
Incorrect register accounting during paravirtualized failsafe callbacks
could result in the use of uninitialized memory and a kernel crash or
potentially escalation of privileges in a paravirtualized guest.
* CVE-2018-16658: Information leak in CD-ROM status ioctl.
An incorrect bounds check in the CD-ROM driver could allow an
out-of-bounds access and kernel information leak to an unprivileged
* Device Mapper encrypted target: support for middle-endian plain64 IV.
Some encrypted devices store the initialization vector in middle endian
byte ordering and require extra kernel support.
* CVE-2018-7492: Denial-of-service when setting options for RDS over Infiniband socket.
A missing check when setting the RDS_GET_MR option on an RDS over Infiniband
socket could lead to a NULL pointer dereference. A local attacker could
use this flaw to cause a denial-of-service.
* Incorrect IBRS firmware protection with IBRS disabled.
Booting a kernel with IBRS disabled would incorrectly use IBRS to
protect against firmware calls when it should have also been disabled.
* XFS filesystem failure during extended attribute replacement.
Incorrect handling of extended attribute replacement on an XFS
filesystem could result in a filesystem shutdown. A local, unprivileged
user could use this flaw to trigger a denial of service.
* Kernel hang in AMD Secure Encrypted Virtualization (SEV) encryption.
A race condition in completion code for the AMD CCP device could result
in failure to detect command completion and a kernel hang.
* Incorrect GID reporting in RoCEv2 RDMA connections.
Incorrect accessors for GIDs could result in failure to return valid
GIDs. This could manifest as connection failures or misleading
* Kernel crash in Reliable Datagram Sockets ARP flushing.
Incorrect locking when flushing ARP entries for Reliable Datagram
Sockets could result in sleeping in an atomic context and triggering a
* Packet loss in Infiniband ACL filtering.
Logic errors in the Infiniband ACL filter logging and counters could
result in incorrectly dropping packets and packet loss.
Ksplice support is available at ksplice-support_ww at oracle.com.