[El-errata] New Ksplice updates for UEKR5 4.14.35 on OL7 (ELSA-2021-9470)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Tue Oct 5 07:28:12 PDT 2021


Synopsis: ELSA-2021-9470 can now be patched using Ksplice
CVEs: CVE-2021-28950

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2021-9470.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2021-9470.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR5 4.14.35
on OL7 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* Provide the ability to conditionally send ARP probes to all slaves.

On certain systems, link up messages may show up for a standby link on
bonding, every few seconds.

To help alleviate this, we provide a sysctl that controls whether ARP
probes are sent to all slaves or only to the currently active slave,
which is the default.


To enable sending ARP probes to all slaves, run:

   sysctl ksplice_arp_allslaves=1


To re-enable sending ARP probes only to the active slave, run:

   sysctl ksplice_arp_allslaves=0



Orabug: 33352735


* Rate limit mlx5 dmesg error output.

A logic error may cause an inordinate number of error messages to show
up in dmesg when experiencing issues in the mlx5 subsystem. While
these messages are valuable, this may lead to a depletion of system
resources.


Orabug: 33305503


* Denial-of-service in block device subsystem.

A logic error whilst removing a gendisk device may lead to a deadlock
in the block device subsystem.  This could cause a denial-of-service.


Orabug: 33406819


* CVE-2021-28950: Denial-of-service in FUSE due to improper inodes handling.

A failure to properly handle bad inodes in the FUSE user space file
system implementation could lead to a CPU stall because a retry loop
continually finds the same bad inode. A local attacker could use this
flaw to cause a denial of service.

Orabug: 33406810

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.




