[El-errata] New Ksplice updates for RHCK 8 (ELSA-2023-5244)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Thu Sep 28 07:33:47 UTC 2023 

Synopsis: ELSA-2023-5244 can now be patched using Ksplice
CVEs: CVE-2023-2002 CVE-2023-3090 CVE-2023-35001 CVE-2023-35788 CVE-2023-3776 CVE-2023-4004

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2023-5244.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2023-5244.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running RHCK 8 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2023-35788: Out-of-bounds memory access in Flower Packet Classifier.

Failure to sanity check packet size in the Flower Packet Classifier when
handling TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets may lead to an
out-of-bounds memory write. A malicious remote user could use this flaw
to cause a denial-of-service or escalate privileges.


* CVE-2023-35001: Out-of-bounds memory access in Netfilter nf_tables packet classification framework.

A flaw in netfilter nf_tables when evaluating byteorder expressions may
lead to an out-of-bounds memory read or write. A local user with the
CAP_NET_ADMIN capability could use this flaw to escalate privileges.


* CVE-2023-4004: Privilege escalation in netfilter PIPAPO.

A use-after-free when removing a policy from the netfilter Pile Packet
Policies subsystem might result in a denial-of-service or arbitrary code
execution.


* CVE-2023-3776: Use-after-free in netfilter classifier due to refcount error.

Incorrect refcounting in the netfilter classifier might result in
use-after-free, potentially allowing an attacker to cause a
denial-of-service.


* CVE-2023-3090: Stack overflow in ipvlan driver during transmit operation.

A failure to zero out a buffer before use can lead to an out-of-bounds
write to the current process's stack.  This flaw could be exploited by a
local attack to cause a denial of service, or other undefined behavior.


* CVE-2023-2002: Insufficient capability check in the Bluetooth HCI sockets subsystem.

An insufficient capability check in the Bluetooth HCI sockets subsystem can
allow an unprivileged program to mark a socket as trusted.  This can allow
escalation of privileges, denial-of-service and information leak.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.

More information about the El-errata mailing list