[El-errata] New Ksplice updates for UEKR5 4.14.35 on OL7 (ELSA-2019-4820)
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Tue Oct 15 05:51:50 PDT 2019
Synopsis: ELSA-2019-4820 can now be patched using Ksplice
CVEs: CVE-2019-10207 CVE-2019-14283 CVE-2019-15666
Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2019-4820.
More information about this errata can be found at
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running UEKR5 4.14.35
on OL7 install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
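A host-side check for the setting described above, as an added example that is not part of the original announcement. The function names are hypothetical. It assumes uptrack.conf uses unindented "key = value" lines and that the last assignment wins, and it counts only the literal value "yes", so anything ambiguous is reported as needing a manual upgrade.

```shell
#!/bin/sh
# Added example (not Oracle's code): decide whether a host relies on
# Ksplice Uptrack autoinstall or still needs a manual uptrack-upgrade run.

# Print the effective "autoinstall" value from the config file in $1.
# Assumptions: unindented "key = value" lines; the last assignment wins.
# Commented-out lines ("# autoinstall = yes") never match the pattern.
uptrack_autoinstall_value() {
    [ -r "$1" ] || return 0          # missing/unreadable file: no value
    sed -n '/^autoinstall[[:space:]]*=/{
        s/^autoinstall[[:space:]]*=[[:space:]]*//
        s/[[:space:]]*$//
        p
    }' "$1" | tail -n 1
}

# Return 0 only when the effective value is exactly "yes".
# Values with trailing text (e.g. "yes # note") are deliberately rejected,
# so a doubtful host is flagged for manual patching rather than skipped.
uptrack_autoinstall_enabled() {
    [ "$(uptrack_autoinstall_value "$1")" = "yes" ]
}

# Human-readable result for one host; always returns 0.
uptrack_report() {
    if uptrack_autoinstall_enabled "$1"; then
        echo "autoinstall enabled in $1: updates install automatically"
    else
        echo "autoinstall not enabled in $1: run /usr/sbin/uptrack-upgrade -y"
    fi
}

uptrack_report "${1:-/etc/uptrack/uptrack.conf}"
```
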
* NULL pointer dereference during hardware reconfiguration in Cisco VIC Ethernet NIC driver.
If the receive buffer is resized while the read index points outside the
buffer, this could lead to a NULL pointer dereference.
* Information leak in mlx5 Infiniband driver.
A kernel structure was not fully initialized in the mlx5 driver's user-mode
memory reservation code, which could lead to kernel stack memory being leaked to
userspace. This flaw could be exploited by a local attacker to leak information
about the running system.
* CVE-2019-10207: NULL pointer dereference in Bluetooth TTY operations.
A missing check in some Bluetooth drivers could lead to a NULL
pointer dereference triggered by an unprivileged user while executing
certain tty operations. This could be exploited to cause a denial of
* Resource leak when deleting FIB nexthop exception.
When removing an entry from the FIB nexthop exception table, a race
condition might cause the destination device structure to become leaked,
potentially resulting in system instability or a denial-of-service.
* Out-of-bounds write in Line6 POD USB audio interface driver.
The driver for Line6 POD USB audio interfaces allocates a buffer based
on the usb_maxpacket value reported by the device itself. A malicious
device could report a value of zero to cause an out-of-bounds write,
potentially resulting in memory corruption.
* CVE-2019-14283: Denial-of-service in floppy disk geometry setting during insertion.
Missing input validation in the floppy disk geometry setting calls could
allow a malicious local user with access to the floppy device to cause
an out-of-bounds access either crashing the system or leaking the
contents of kernel memory.
* NULL pointer dereference in Reliable Datagram Socket binding.
Missing NULL pointer checks during binding of a Reliable Datagram Socket
could result in a NULL pointer dereference and kernel crash.
Orabug: 30319176, 30304759
* NULL pointer dereference in Xen network device error handling.
Incorrect error handling when filling fragments for a Xen network device
could result in a NULL pointer dereference and kernel crash.
* Guest kernel crash in AMD VM Spectre v4 mitigation.
Incorrect handling of the MSR_IA32_SPEC_CTRL could result in a guest
kernel crash when enabling the Spectre v4 mitigation.
* Information leak in Reliable Datagram Sockets IPv6 message info.
Missing initialization could result in copying stale kernel stack
contents to user-space when copying IPv6 message info for an RDS socket.
* CVE-2019-15666: Denial-of-service in network transformation policy removal.
Missing directory validation when unlinking a network transformation
policy could result in an out-of-bounds array access and kernel crash.
* Network device resource leak in Infiniband device destruction.
Incorrect reference counting when destroying a network device could
result in a resource leak of network devices under specific conditions.
Ksplice support is available at ksplice-support_ww at oracle.com.