[Ksplice][Ubuntu-Oracle-Updates] New Ksplice updates for Ubuntu OCI kernel (USN-5669-1)

[Oracle Ksplice]

Synopsis: USN-5669-1 can now be patched using Ksplice
CVEs: CVE-2022-0812 CVE-2022-1012 CVE-2022-2318 CVE-2022-27666 CVE-2022-32296

Systems running Ubuntu OCI kernel can now use Ksplice to patch against
the latest Ubuntu Security Notice, USN-5669-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Ubuntu OCI
kernel install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2022-0812: Information leak in NFS RDMA transport.

The RDMA transport method for NFS RPCs fails to properly calculate the
size of its headers. This could result in uninitialized kernel data
being inadvertently transmitted over the network.


* CVE-2022-27666: Privilege escalation in IPsec ESP transformation.

A logic flaw in IPsec ESP transformation implementation could lead to
a heap buffer overflow. A local user could use this flaw to overwrite
kernel heap objects and cause privilege escalation.


* CVE-2022-2318: Privilege escalation in X.25 Packet Layer Protocol.

Improper reference counting in X.25 Packet Layer Protocol (Rose) could
lead to a use-after-free. A local unprivileged user could use this flaw
for privilege escalation.


* CVE-2022-1012, CVE-2022-32296: Information disclosure in TCP.

Insufficient randomness in TCP source port number generation when
opening TCP connections to remote host could lead to an information
leak. A remote attacker can use this to fingerprint a network host.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.