[El-errata] New Ksplice updates for UEKR5 4.14.35 on OL7 (ELSA-2019-4746)
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Tue Aug 20 07:43:16 PDT 2019
Synopsis: ELSA-2019-4746 can now be patched using Ksplice
CVEs: CVE-2018-16871 CVE-2019-11833 CVE-2019-12378 CVE-2019-12381 CVE-2019-12382 CVE-2019-13272 CVE-2019-13631

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2019-4746.
More information about this errata can be found at

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR5 4.14.35
on OL7 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
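
An added example, not part of Oracle's announcement: a shell check that reports whether a host runs a kernel covered by this advisory and whether the updates will install automatically or need the manual command above. The function names and the release-string pattern 4.14.35-*el7uek* are assumptions; the config path, the "autoinstall = yes" setting and the kernel version are taken from the advisory.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of Ksplice Uptrack.

# Print the effective "autoinstall" value (lowercased) from an
# uptrack.conf-style file. Section headers are ignored, commented-out
# settings do not count, and the last assignment wins.
autoinstall_value() {
    conf=$1
    [ -r "$conf" ] || { echo "unreadable"; return 0; }
    awk -F= '
        /^[ \t]*[#;]/ { next }      # skip comment lines
        {
            key = $1; val = $2
            gsub(/[ \t\r]/, "", key)
            gsub(/[ \t\r]/, "", val)
            if (tolower(key) == "autoinstall") found = tolower(val)
        }
        END { print (found == "" ? "unset" : found) }
    ' "$conf"
}

# Classify a host. $1 = booted kernel release, $2 = path to uptrack.conf.
# Prints one of: not-applicable, automatic, manual.
ksplice_action() {
    case $1 in
        4.14.35-*el7uek*) ;;        # assumed release format for UEKR5 on OL7
        *) echo "not-applicable"; return 0 ;;
    esac
    # Only the exact setting named in the advisory counts as automatic;
    # a missing, unreadable or different value is reported as manual so
    # the host is not silently left unpatched.
    case $(autoinstall_value "$2") in
        yes) echo "automatic" ;;
        *)   echo "manual" ;;
    esac
}

# Report for the local host; "manual" means running uptrack-upgrade -y.
ksplice_action "$(uname -r)" /etc/uptrack/uptrack.conf
```
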
* CVE-2019-12381, CVE-2019-12378: NULL pointer dereferences in the IP to socket glue.
Failures to check that a kmalloc succeeded when allocating a new router
alert in the IPv4 and IPv6 to socket glue code could lead to a NULL pointer
dereference. A remote user on the same network could use this flaw to
cause a denial-of-service.
Orabug: 29926004, 29926056
* CVE-2019-11833: Information leak in ext4 extent tree block.
A missing zeroing of uninitialized memory in the ext4 extent tree block
could lead to an information leak. A local attacker could use this flaw
to leak information about the running kernel and facilitate an attack.
* Use-after-free in dentry cache handling code of OCFS2 driver.
A race condition in the dentry cache handling code of the OCFS2 driver could lead to a
use-after-free. A local attacker could use this flaw to cause a
* Memory corruption in QLogic QED network driver module unload.
Missing locking when unloading the QLogic QED device driver could result
in memory corruption and a kernel crash.
* Memory corruption in QLogic QED connection termination.
Race conditions when terminating a QLogic QED connection could result in
multiple frees to a single resource and memory corruption.
* Denial-of-service when transmitting via QLogic ethernet device.
When transmitting data via a QLogic ethernet device, a race condition
could lead to accessing the underlying packet buffers after they were
freed, resulting in a potential kernel crash and denial-of-service.
* Information leak in QLogic ethernet driver.
During an error condition when connecting a QLogic ethernet device, invalid
type conversions could result in out-of-bounds data on the stack being
written as error output.
* Out-of-bounds access in debug messages of QLogic QEDI 25/40/100Gb iSCSI Initiator driver.
A logic error in the debug messages of the QLogic QEDI 25/40/100Gb iSCSI
Initiator driver could lead to an out-of-bounds access. A local attacker
could use this flaw to cause a denial-of-service.
* Memory leak in the RDS Infiniband receive path when fragment size changes.
A missing release of resources in the RDS Infiniband receive path when the
fragment size is updated leads to a memory leak.
* NULL pointer dereference in QLogic BNX2 restart.
Failure to correctly restart the BNX2 device when DMA allocation failed
could trigger a NULL pointer dereference and kernel crash.
* XSA-300: Denial-of-service in Xen memory ballooning.
A logic error in the Xen memory balloon device driver could result in
exhaustion of resources or crashes of the backend device drivers
resulting in IO stalls or guest failures. A local privileged user could
use this flaw to cause a denial of service.
* Deadlock when performing controller ioctls in NVMe driver.
A locking error when performing controller ioctls in the NVMe driver could
lead to deadlock. A local attacker could use this flaw to cause a
* Memory leak when uninitializing NVMe controller.
A logic error when uninitializing an NVMe controller could lead to a memory
leak. A local attacker could use this flaw to exhaust kernel memory and
cause a denial-of-service.
* Integer overflow in namespace list calculation of NVMe driver.
A logic error in the namespace list calculation of the NVMe driver could lead to
an integer overflow. A local attacker could use this flaw to cause a
* Invalid memory access during open in Broadcom NetXtreme-C/E driver.
A missing check after an error occurs when opening a Broadcom NetXtreme-C/E
interface could lead to an invalid memory access. A local attacker could
use this flaw to cause a denial-of-service.
* Kernel crash in MEGARAID SAS firmware crashdump loading.
Missing bounds checks when loading a firmware crashdump could result in an
out-of-bounds access and kernel panic.
* CVE-2019-13631: Denial-of-service in GTCO CalComp/InterWrite tablet.
Missing range checks could allow an out-of-bounds stack memory write
when parsing USB descriptors. A physically present user could use a
malicious device to trigger an out-of-bounds access leading to a kernel
* CVE-2019-13272: Privilege escalation in ptrace implementation.
A logic error in the ptrace implementation core can allow a malicious
user process to gain unintended privileges, which could be further
abused to ptrace an suid binary and gain root privileges.
* CVE-2018-16871: Denial-of-service in NFS copy and clone operations.
A logic error when performing NFS clone or copy operations could result
in a NULL pointer dereference and kernel crash. A remote user with
permissions to mount an exported NFS filesystem could use this flaw to
crash the server.
* CVE-2019-12382: Denial-of-service in DRM firmware loading.
Incorrect error handling could result in a NULL pointer dereference and
crash when loading firmware under low memory conditions.
Ksplice support is available at ksplice-support_ww at oracle.com.