[El-errata] New Ksplice updates for UEKR4 4.1.12 on OL6 and OL7 (ELSA-2021-9442)
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Fri Oct 1 00:48:31 PDT 2021
Synopsis: ELSA-2021-9442 can now be patched using Ksplice
CVEs: CVE-2019-9456 CVE-2019-9458 CVE-2020-0305 CVE-2020-0429 CVE-2020-27068 CVE-2020-28097 CVE-2021-27363 CVE-2021-27364 CVE-2021-34693 CVE-2021-3609
Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2021-9442.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2021-9442.html
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running UEKR4 4.1.12 on
OL6 and OL7 install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
DESCRIPTION
* Deadlock in Xen network backend driver.
Certain operations in the Xen network backend driver while interrupts are
disabled can cause deadlocks. A malicious or buggy frontend can cause a
denial-of-service.
Orabug: 33277550
* CVE-2021-34693: Information leak in CAN BCM message.
The header of a CAN bus BCM message contains uninitialized memory that
is transmitted over the wire. A malicious device might exploit this to
gain information about the running system.
Orabug: 33030701
* CVE-2021-3609: Privilege escalation when registering CAN message receiver.
A race condition exists within the code for handling the registration
for a CAN message receiver via the CAN BCM protocol that results in a
use-after-free. A malicious local user can exploit this flaw to write
to arbitrary memory and escalate their privileges.
Orabug: 33114649
* CVE-2020-0305: Use-after-free when failing to open file on character device.
A mishandled error case when opening a file on a generic character
device might result in a write to an invalid pointer, potentially
resulting in memory corruption or a denial-of-service.
Orabug: 33113412
* CVE-2019-9458: Use-after-free in V4L2 event subscription.
Due to insufficient locking in the V4L2 driver, an event subscription
could be freed while it is still in use. A malicious user could use
this to cause denial of service or potentially elevate privileges.
Orabug: 33113344
* CVE-2020-28097: Out-of-bounds read in the VGA text console subsystem.
Mishandled software scrollback in the VGA text console subsystem can cause
out-of-bounds reads with a potential for denial-of-service or leaking of
privileged data.
Orabug: 33047770
* CVE-2020-27068: Out-of-bounds read in cfg80211 driver.
A missing bounds check in the cfg80211 driver could allow a out-of-bounds read
which could lead to local information disclosure.
Orabug: 33114443
* CVE-2020-0429: Memory corruption in Layer Two Tunneling Protocol.
Use-after-free in l2tp can cause memory corruption leading to local escalation
of privileges.
Orabug: 33113975
* CVE-2019-9456: Out-of-bounds write in USB monitor drivers.
A missing bounds check can lead to an out-of-bounds write in the USB monitoring
code which can lead to local escalation of privilege.
Orabug: 33113260
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.
More information about the El-errata
mailing list