[Ksplice][EL6-Updates] New updates available via Ksplice (ELSA-2016-2006)
Oracle Ksplice
ksplice-support_ww at oracle.com
Wed Oct 5 16:42:43 PDT 2016
Synopsis: ELSA-2016-2006 can now be patched using Ksplice
CVEs: CVE-2016-4470 CVE-2016-5829
Systems running RHCK on Oracle Linux 6, Red Hat Enterprise Linux 6,
CentOS 6, and Scientific Linux 6 can now use Ksplice to patch against
the latest Red Hat kernel update, ELSA-2016-2006.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack on OL 6, RHEL 6, CentOS
6, and Scientific Linux 6 install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
DESCRIPTION
* CVE-2016-4470: Denial-of-service in the keyring subsystem.
Failure to check that a key was properly added to a keyring before removing
it could lead to a kernel crash. A local, unprivileged user could use this
flaw to cause a denial-of-service.
* CVE-2016-5829: Memory corruption in unknown USB HID devices.
The USB HID driver does not validate USB data when an unknown HID device
is encountered which can allow a malicious USB device to trigger kernel
memory corruption and gain execution.
* Denial-of-service when resetting a Fibre Channel over Ethernet interface.
Lack of input validation when extracting the CPU number from a Fibre
Channel over Ethernet (FCoE) header could lead to a kernel crash when
resetting a FCoE interface. A local user with the ability to reset such
interface could use this flaw to cause a denial-of-service.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.
More information about the Ksplice-EL6-Updates
mailing list