[El-errata] New Ksplice updates for UEKR6 5.4.17 on OL7 and OL8 (ELSA-2020-5756)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Thu Jul 16 06:01:39 PDT 2020 

Synopsis: ELSA-2020-5756 can now be patched using Ksplice
CVEs: CVE-2019-19769 CVE-2020-10711 CVE-2020-10757 CVE-2020-12655 CVE-2020-12770

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2020-5756.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2020-5756.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR6 5.4.17 on
OL7 and OL8 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2020-12770: Information leak/DoS in SCSI generic userspace write.

When copying data from userspace to a SCSI generic (sg) device, the
associated list entry is not properly removed, potentially causing a
denial-of-service or leaking sensitive kernel information.

Orabug: 31350695


* CVE-2020-10757: Flaw in DAX page mapping allows privilege escalation.

A flaw in the kernel handling for remapping huge pages mishandles pages
mapped for the DAX (direct userspace access) subsystem. A user with
access to DAX-mapped storage could exploit this to escalate their
privileges.

Orabug: 31452396


* CVE-2020-10711: NULL pointer dereference when using CIPSO network packet labeling.

A logic error when receiving CIPSO network packets could lead to a NULL
pointer dereference. A remote attacker could use this flaw to cause a
denial-of-service.

Orabug: 31350489


* CVE-2019-19769: Use-after-free in POSIX file locking API.

A logic error in POSIX file locking API could lead to a use-after-free.
A local attacker could use this flaw to cause a denial-of-service.

Orabug: 31356246


* CVE-2020-12655: Denial-of-service when syncing data on XFS filesystem.

On logic error when syncing data on a specially crafted XFS filesystem
could let an attacker cause a denial-of-service.

Orabug: 31350920


* Buffer overflow when dumping registers in LSI Logic MegaRAID SAS RAID driver.

A logic error when dumping registers in LSI Logic MegaRAID SAS RAID
driver could lead to a buffer overflow. A local attacker could use this
flaw to cause a denial-of-service.

Orabug: 31481642


* Use-after-free when freeing received data over RDS socket.

A logic error when freeing received data over RDS socket could lead to a
use-after-free. A remote attacker could use this flaw to cause a denial-
of-service.

Orabug: 31504052

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.

More information about the El-errata mailing list