[El-errata] New Ksplice updates for UEKR4 4.1.12 on OL6 and OL7 (ELSA-2019-4528)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Fri Feb 1 08:41:25 PST 2019


Synopsis: ELSA-2019-4528 can now be patched using Ksplice
CVEs: CVE-2018-18397 CVE-2019-5489

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2019-4528.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR4 4.1.12 on
OL6 and OL7 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
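
To audit which of the two cases above applies to a host, the following added example (not part of the original announcement and not Oracle's code) reads the "autoinstall" setting and reports the action needed. The parsing rules and the sample configuration are assumptions and are marked as such in the comments.

```shell
#!/bin/sh
# Added example (not Oracle's code): audit whether a host will pick up
# Ksplice updates automatically or needs a manual uptrack-upgrade run.

# Print the effective "autoinstall" value from an uptrack.conf-style file.
# Assumptions: "key = value" syntax, "#" starts a comment, the last
# assignment wins, and matching is case-insensitive.
autoinstall_value() {
    [ -r "$1" ] || { echo "unreadable"; return 0; }
    awk '{
        line = $0
        sub(/#.*$/, "", line)                  # drop comments
        n = index(line, "=")
        if (n == 0) next                       # section header or blank
        key = tolower(substr(line, 1, n - 1))
        val = tolower(substr(line, n + 1))
        gsub(/^[ \t]+|[ \t]+$/, "", key)
        gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == "autoinstall") found = val
    }
    END { if (found == "") found = "unset"; print found }' "$1"
}

# Map the setting to the action the announcement describes.
required_action() {
    case $(autoinstall_value "$1") in
        yes)        echo "none: updates install automatically" ;;
        unreadable) echo "unknown: cannot read $1" ;;
        *)          echo "manual: run /usr/sbin/uptrack-upgrade -y" ;;
    esac
}

# Constructed sample config: a commented-out "yes" must not count.
sample_conf() {
    cat <<'EOF'
[Settings]
# autoinstall = yes
autoinstall = no
EOF
}

# Stand-alone run: check the sample, then the real file if present.
tmp=$(mktemp) && sample_conf > "$tmp"
echo "sample: $(required_action "$tmp")"
rm -f "$tmp"
echo "host:   $(required_action /etc/uptrack/uptrack.conf)"
```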


DESCRIPTION

* CVE-2019-5489: Side-channel information leak in kernel page cache.

A side-channel exposed through the mincore() system call could allow a
local unprivileged user to leak access timings from other processes and
infer sensitive data.

Orabug: 29187415


* Denial-of-service in Reliable Datagram Socket reconnection.

Incorrect timeout logic when performing a reconnection to the same IP
address could result in a flood of reconnect attempts.  This could be
exploited by a local user to trigger a network denial of service on the
interface.

Orabug: 29138813


* Incorrect file modification time for empty files on NFSv4.1 mounts.

Incorrect handling of empty file creation on an NFSv4.1 mount could
result in incorrect decoding of the modified time leading to files with
an incorrect mtime on both the client and server.

Orabug: 29204157


* Denial-of-service in Xen block device on invalid request type.

An incorrect kernel assertion could result in a kernel crash when
handling an invalid request type.  A privileged user in a Xen guest
could use this flaw to crash the system.

Orabug: 29199843


* CVE-2018-18397: Filesystem permissions bypass with userfaultfd.

Incorrect permissions checks on a tmpfs or hugetlbfs filesystem with
userfaultfd could allow a local user to bypass filesystem permissions
checks and make changes to files that they should not have access to.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.





