[El-errata] New Ksplice updates for UEKR2 2.6.39 on OL5 and OL6 (ELSA-2019-4601)
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Thu Apr 11 14:48:21 PDT 2019
Synopsis: ELSA-2019-4601 can now be patched using Ksplice
CVEs: CVE-2018-10877 CVE-2018-10882
Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2019-4601.
More information about this errata can be found at
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running UEKR2 2.6.39 on
OL5 and OL6 install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
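The following check is an added example, not part of Oracle's announcement: it reads an uptrack.conf-style file and reports whether a host will take these updates automatically or needs the manual command above. The function names and the sample file are constructed for illustration, and treating only the literal value "yes" as enabled is a conservative assumption.

```shell
#!/bin/sh
# Print the effective "autoinstall" value from an uptrack.conf-style file.
# Comment lines (# or ;) are skipped, key and value are compared
# case-insensitively, and the last assignment wins.
# Prints "unset" if the key is absent and "unreadable" if the file cannot be read.
autoinstall_value() {
    conf=$1
    [ -r "$conf" ] || { echo "unreadable"; return 0; }
    awk '
        /^[ \t]*[#;]/ { next }                  # commented-out settings do not count
        {
            line = $0
            sub(/\r$/, "", line)                # tolerate CRLF line endings
            eq = index(line, "=")
            if (eq == 0) next                   # section headers, blank lines
            key = tolower(substr(line, 1, eq - 1))
            val = tolower(substr(line, eq + 1))
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "autoinstall") found = val
        }
        END { print (found == "" ? "unset" : found) }
    ' "$conf"
}

# Report what the administrator has to do for this host.
# Assumption: anything other than "yes" is flagged for a manual run.
ksplice_action() {
    case "$(autoinstall_value "$1")" in
        yes) echo "automatic" ;;
        *)   echo "manual: run /usr/sbin/uptrack-upgrade -y" ;;
    esac
}

# Constructed sample: "yes" is only present in a comment, the live value is "no".
sample_conf() {
    printf '%s\n' '[Settings]' '# autoinstall = yes' \
        'install_on_reboot = yes' 'autoinstall = no'
}

# Demo on the constructed sample; pass a path as the first argument
# (for example /etc/uptrack/uptrack.conf) to check a real host as well.
demo_tmp=$(mktemp)
sample_conf > "$demo_tmp"
ksplice_action "$demo_tmp"
rm -f "$demo_tmp"
if [ $# -gt 0 ]; then ksplice_action "$1"; fi
```

On a real host the configuration file may only be readable by root; an unreadable file is reported as needing a manual run.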
* CVE-2018-10882: Out-of-bounds access when unmounting a crafted ext4 filesystem.
A logic error when unmounting a crafted ext4 filesystem could lead to an
out-of-bounds access. A local attacker could use this flaw to cause a
* CVE-2018-10877: Out-of-bounds access when using a corrupted ext4 filesystem with an abnormal extent tree.
A missing check when using a corrupted ext4 filesystem with an abnormal
extent tree could lead to an out-of-bounds access. A local attacker
could use this flaw with a crafted ext4 image to cause a
* Denial-of-service with x86 fpu code and aesni-intel.
A bug in the x86 fpu code could lead to interrupts being improperly
disabled in subsequent calls. Specifically, this has been seen to
cause a kernel BUG() when a user process dumps core on an ecrypt fs
while aesni-intel is loaded. In this case, all subsequent accesses
to the ecrypt fs filesystem will hang. A malicious user could exploit
this to cause a denial-of-service.
Ksplice support is available at ksplice-support_ww at oracle.com.