[El-errata] New Ksplice updates for UEKR2 2.6.39 on OL5 and OL6 (ELSA-2020-5936)
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Fri Dec 4 09:47:29 PST 2020
Synopsis: ELSA-2020-5936 can now be patched using Ksplice CVEs:
Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2020-5936.
More information about this errata can be found at
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running UEKR2 2.6.39 on
OL5 and OL6 install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
* CVE-2017-8925: Memory leak when opening an Omninet serial driver.
An extra reference on the TTY was taken in the Omninet serial driver on
open, leading to a memory leak. A local, unprivileged user could use this
flaw to exhaust the memory on the system and cause a denial-of-service.
* CVE-2014-4508: Denial-of-service in syscall audit code when using wrong syscall number.
A flaw in the error path of the entry point of a syscall leads to a kernel
panic if syscall auditing is enabled and the syscall number is larger than
the number of syscalls. A local, unprivileged user could use this flaw to
cause a denial-of-service.
Ksplice support is available at ksplice-support_ww at oracle.com.
More information about the El-errata