[Ksplice][EL7-Updates] New Ksplice updates for OL 7, RHEL 7, CentOS 7, and Scientific Linux 7 (RHSA-2018:3651)

Oracle Ksplice ksplice-support_ww at oracle.com
Wed Nov 28 05:31:20 PST 2018


Synopsis: RHSA-2018:3651 can now be patched using Ksplice
CVEs: CVE-2018-14633 CVE-2018-14646

Systems running RHCK on Oracle Linux 7, Red Hat Enterprise Linux 7,
CentOS 7, and Scientific Linux 7 can now use Ksplice to patch against
the latest Red Hat Security Advisory, RHSA-2018:3651.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running OL 7, RHEL 7,
CentOS 7, and Scientific Linux 7 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2018-14646: Denial-of-service in network namespace netlink capabilities.

A NULL pointer dereference in the netlink code for a network namespaced
process could result in a kernel crash.  A local user in the namespace
could use this flaw to crash the host.


* CVE-2018-14633: Remote privilege escalation in iSCSI CHAP authentication.

A stack buffer overflow in the iSCSI CHAP authentication code could
allow an unauthenticated remote attacker to corrupt stack memory and
crash the system or, potentially, execute code on the target system.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.
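
A host-side check for the INSTALLING THE UPDATES section above, added here as an example and not part of Oracle's advisory: it reports the effective "autoinstall" setting and lists which of this advisory's CVEs do not appear among the installed updates. It assumes uptrack.conf uses INI-style "key = value" lines with "#" comments, and that uptrack-show prints one update per line with the CVE ID in its description; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the advisory): decide whether a host still needs
# a manual "uptrack-upgrade -y" for RHSA-2018:3651.

# Print the effective autoinstall setting: yes | no | unset | unknown.
# Assumption: INI-style "key = value" lines; the last assignment wins.
uptrack_autoinstall() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    [ -r "$conf" ] || { echo unknown; return 0; }
    # Commented-out lines start with "#" and therefore never match.
    val=$(sed -n 's/^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*\([A-Za-z]*\).*$/\1/p' "$conf" \
          | tail -n 1 | tr '[:upper:]' '[:lower:]')
    case $val in
        yes) echo yes ;;
        "")  echo unset ;;
        *)   echo no ;;
    esac
}

# Read a list of installed updates on stdin and print every CVE given as an
# argument that does not appear in it.
# Assumption: each installed update's line contains its CVE ID.
missing_cves() {
    installed=$(cat)
    for cve in "$@"; do
        # -F: literal match, -w: whole word, so a longer ID cannot satisfy it
        printf '%s\n' "$installed" | grep -q -F -w -- "$cve" \
            || printf '%s\n' "$cve"
    done
}

# Run against the live host only when invoked with --check.
if [ "${1:-}" = "--check" ]; then
    echo "autoinstall: $(uptrack_autoinstall)"
    todo=$(uptrack-show | missing_cves CVE-2018-14633 CVE-2018-14646)
    if [ -n "$todo" ]; then
        echo "not yet patched by Ksplice:"
        echo "$todo"
        echo "run: /usr/sbin/uptrack-upgrade -y"
    else
        echo "both CVEs from RHSA-2018:3651 are covered"
    fi
fi
```

A result of "no", "unset" or "unknown" together with a non-empty CVE list means the host will not pick up the fix on its own.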




