[El-errata] New Ksplice updates for UEKR7 5.15.0 on OL8 and OL9 (ELSA-2023-12824)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Tue Oct 24 16:21:54 UTC 2023 

Synopsis: ELSA-2023-12824 can now be patched using Ksplice
CVEs: CVE-2023-39189 CVE-2023-39192 CVE-2023-39193 CVE-2023-42753 CVE-2023-4881

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2023-12824.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2023-12824.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR7 5.15.0 on
OL8 and OL9 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2023-42753: Privilege escalation in the netfilter subsystem.

A logic error when calculating an array offset in the netfilter
subsystem could lead to an out-of-bounds access. A local attacker could
use this flaw to escalate privileges or to cause a denial-of-service.

Orabug: 35824297


* CVE-2023-39192: Out-of-bounds access in Netfilter xt_u32 module.

Incomplete input validation in Netfilter xt_u32 extension module
allows a local privileged user to cause an out-of-bounds read.  This can
lead to a denial-of-service or information disclosure.

Orabug: 35824297


* CVE-2023-39193: Out-of-bounds access in Netfilter xt_sctp module.

Incomplete input validation in Netfilter xt_sctp extension module allows a
local user with CAP_NET_ADMIN privileges to cause an out-of-bounds read.  This
can lead to a denial-of-service or information disclosure.

Orabug: 35824297


* CVE-2023-4881: Out-of-bounds access in Netfilter nf_tables exthdr subsystem.

Incorrect logic in the Netfilter nf_tables exthdr subsystem can lead to
out-of-bounds stack write.  This can potentially lead to stack corruption and
denial-of-service or information disclosure.

Orabug: 35824297


* CVE-2023-39189: Out-of-bounds access in Netfilter OSF over NFNETLINK interface.

Insufficient input validation in the Netfilter OSF over NFNETLINK interface
can lead to an out-of-bounds read.  This can lead to information disclosure.

Orabug: 35824297

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.

More information about the El-errata mailing list