[El-errata] New Ksplice updates for UEKR4 4.1.12 on OL6 and OL7 (OVMSA-2023-0001)
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Mon Jan 30 15:17:48 UTC 2023
Synopsis: OVMSA-2023-0001 can now be patched using Ksplice
CVEs: CVE-2022-2663 CVE-2022-3586 CVE-2022-3594 CVE-2022-41850 CVE-2022-43750
Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle VM Security Fix Advisory, OVMSA-2023-0001.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running UEKR4 4.1.12 on
OL6 and OL7 install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
DESCRIPTION
* Note: Oracle will not provide a zero-downtime update for CVE-2022-3594.
Improper management of logging in the r8152 driver when handling
interrupts can lead to logging of excessive data. A remote attacker
could use this flaw to flood the system logs and hinder the ability to
detect anomalous conditions.
The kernel is not affected by CVE-2022-3594 since the code under
consideration is not compiled.
Orabug: 34719940
* CVE-2022-3586: Use-after-free in network scheduler.
A race condition in net scheduler when enqueuing a socket buffer into a
queue discipline may lead to a use-after-free. A local user could use
this flaw to cause a denial-of-service or disclose sensitive
information.
* CVE-2022-41850: Use-after-free in Roccat support driver.
A race condition in Roccat support driver may lead to a
read-after-free. A local user could use this flaw to gain
sensitive information as a part of another type of attack.
* CVE-2022-43750: Use-after-free in USB monitor.
Incorrect permission flags set on userspace memory mappings in usbmon
could lead to a use-after-free. A local attacker could use this flaw for
a denial-of-service or escalate privileges.
Orabug: 34820828
* Improved fix to CVE-2022-2663: Firewall bypass in IRC connection tracking.
An issue in nf_conntrack_irc in unencrypted IRC protocol message
handling could result in messages being incorrectly matched by the
firewall. A remote user could use this flaw to bypass local firewall
rules.
Orabug: 34872056
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.
More information about the El-errata
mailing list