[El-errata] New Ksplice updates for UEKR3 3.8.13 on OL6 and OL7 (ELSA-2018-4211)

[Errata Announcements for Oracle Linux]

Synopsis: ELSA-2018-4211 can now be patched using Ksplice
CVEs: CVE-2017-18344 CVE-2018-10675 CVE-2018-13405 CVE-2018-7566

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2018-4211.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR3 3.8.13 on
OL6 and OL7 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2017-18344: Information disclosure in POSIX timers.

Incorrect validation of POSIX timers could allow a local, unprivileged
user to leak the contents of arbitrary memory through /proc/$PID/timers.

Orabug: 28481409


* CVE-2018-7566: Denial-of-service when initializing ALSA sequence pool.

A race condition when initializing ALSA sequence pool leads to
use-after-free and out-of-bound memory access. An attacker can exploit
this to cause denial-of-service.

Orabug: 28459729


* CVE-2018-13405: Permissions bypass when creating file in SGID directory.

Creating an executable file in an SGID directory can result in the file
having the group ownership of the directory. This can be exploited to
elevate privileges if the file is created in a directory owned by a
privileged group.

Orabug: 28459478


* CVE-2018-10675: Use-after-free in get_mempolicy due to incorrect reference counting.

A reference count error in the get_mempolicy ioctl implementation can
result in a use-after-free. A local user could use this flaw to
escalate privileges.

Orabug: 28022108

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.