[El-errata] New Ksplice updates for UEKR6 5.4.17 on OL7 and OL8 (ELSA-2021-9037)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Thu Feb 11 05:37:33 PST 2021 

Synopsis: ELSA-2021-9037 can now be patched using Ksplice
CVEs: CVE-2020-29660 CVE-2020-36158 CVE-2021-20177

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2021-9037.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2021-9037.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR6 5.4.17 on
OL7 and OL8 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2020-29660: Use-after-free in tty subsystem.

Locking inconsistencies in the tty subsystem whilst handling certain
ioctls could result in a use-after-free. A local user could use this to
cause an information leak or denial of service.

Orabug: 32266677


* Restrict NLM interval based host rebinding to UDP.

Time interval based rebinding of TCP clients is not needed and may
lead to an unrecoverable situation where connections are not able to
be established.

Orabug: 32337715


* CVE-2020-36158: Out-of-bounds memory write in wireless mwifiex driver.

A logic error in mwifiex wireless driver may overwrite allocated buffer
space.  A local user could exploit this vulnerability to cause a
denial-of-service or potentially escalate privileges.

Orabug: 32349203


* Warning message when offlining x86 CPU.

When shutting down an x86 CPU, the processor might not be correctly
marked as inactive, which can result in a warning being displayed.

Orabug: 32234812


* CVE-2021-20177: Malicious netfilter rule causes denial-of-service.

Invalid string comparisons on packet data when filtering network traffic
could result in a kernel panic. A malicious user with CAP_NET_ADMIN
might exploit this to cause a denial-of-service.

Orabug: 32372530

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.

More information about the El-errata mailing list