[Ksplice][EL7-Updates] Early update for local privilege escalation in HDLC (CVE-2017-2636)

Quentin Casasnovas quentin.casasnovas at oracle.com
Thu Mar 9 00:46:49 PST 2017


Synopsis: Early update for local privilege escalation in HDLC CVE-2017-2636

We felt it was important to ship this update early, before distributions
released kernels that fix the problem, because our audit showed that we
have a large number of customers vulnerable to this issue.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack install this update.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf, this
update will be installed automatically and you do not need to take any
action.

Alternatively, you can install this update by running:

# /usr/sbin/uptrack-upgrade -y
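
To tell which of the two cases above applies to a host, the following added example (not part of the original announcement or of Ksplice itself) reads the autoinstall setting from an Uptrack configuration file. The function name, the sample configuration and the choice to compare keys and values case-insensitively are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report whether an Uptrack config enables autoinstall.
# Default path is the one named in the announcement; everything else is constructed.

# uptrack_autoinstall [FILE]
# Prints "yes", "no" or "unreadable".
# Returns 0 if enabled, 1 if disabled or unset, 2 if the file cannot be read.
uptrack_autoinstall() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    [ -r "$conf" ] || { echo unreadable; return 2; }
    value=$(awk '
        /^[ \t]*[#;]/ { next }                  # commented-out settings do not count
        {
            line = $0
            sub(/\r$/, "", line)                # tolerate CRLF line endings
            eq = index(line, "=")
            if (eq == 0) next                   # section headers, blank lines
            key = substr(line, 1, eq - 1)
            val = substr(line, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            # Assumption: key and value are matched case-insensitively.
            if (tolower(key) == "autoinstall") last = tolower(val)
        }
        END { print last }                      # last assignment wins
    ' "$conf")
    if [ "$value" = "yes" ]; then echo yes; return 0; fi
    echo no; return 1
}

# Constructed sample config (not taken from a real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Settings]
# autoinstall = yes
autoinstall = no
EOF
if uptrack_autoinstall "$sample" >/dev/null; then
    echo "autoinstall enabled: the update installs automatically"
else
    echo "autoinstall not enabled: run /usr/sbin/uptrack-upgrade -y as root"
fi
rm -f "$sample"
```

Called with no argument, the function checks /etc/uptrack/uptrack.conf on the local host.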


DESCRIPTION

* CVE-2017-2636: Privilege escalation in High Level Data Synchronous TTY line discipline.

A race condition when flushing the transmit queue concurrently with sending
frames in the HDLC TTY line discipline could lead to a double free.  A
local, unprivileged user could use this flaw to elevate their privileges.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.


