[El-errata] New Ksplice updates for RHCK 9 (ELSA-2024-3619)
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Mon Jul 1 18:56:38 UTC 2024
Synopsis: ELSA-2024-3619 can now be patched using Ksplice
CVEs: CVE-2024-26993 CVE-2024-35889
Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2024-3619.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2024-3619.html
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running RHCK 9 install
these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
DESCRIPTION
* CVE-2024-26993: Resourse leak in SysFS file system support.
An incorrect logic in SysFS file system support driver of the Linux
kernel when force removing an attribute can lead to a resource leak.
An attacker can use this flaw to destabilize the kernel and cause
excessive resource consumption of the kernel or as an additional
step in another types of attacks.
* CVE-2024-35889: Denial-of-service in Intel Infrastructure Data Path Function.
An incorrect handling logic of unknown packets in Intel Infrastructure
Data Path Function Support driver in the Linux kernel can lead to
internal data corruption. An attacker can use this flaw to cause
denial-of-service.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.
More information about the El-errata
mailing list