Oracle Linux 6154 Published by

The following Ksplice updates are available for Oracle Linux:

New Ksplice updates for Oracle Enhanced RHCK 7 (ELBA-2018-1965-1)
New Ksplice updates for RHCK 6 (RHSA-2018:1965)
New Ksplice updates for RHCK 7 (RHSA-2018:1965)



New Ksplice updates for Oracle Enhanced RHCK 7 (ELBA-2018-1965-1)

Synopsis: ELBA-2018-1965-1 can now be patched using Ksplice
CVEs: CVE-2017-11600 CVE-2018-3639

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Bug Fix Advisory, ELBA-2018-1965-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Oracle Enhanced
RHCK 7 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2017-11600: Out-of-bounds access when using transformation user configuration interface.

A missing check on user input when sending XFRM_MSG_MIGRATE over
transformation user configuration interface (XFRM) socket could lead to
an out-of-bounds access. A local attacker could use this flaw to cause
a denial-of-service.


* Improved AMD fix to CVE-2018-3639: Speculative Store Bypass information leak.

The original vendor fix for CVE-2018-3639 did not expose the mitigation
to KVM guests on AMD or correctly handle symmetric multithreading (SMT)
systems.

This update enables the speculative store bypass mitigation full time to
protect guests and SMT systems by default on AMD systems and can be
manually enabled/disable by writing 1/0 to
/proc/sys/vm/ksplice_ssbd_control. The /proc/sys/vm/ksplice_ssbd_status
file reports the current mitigation status.

SUPPORT

Ksplice support is available at ksplice-support_ww@oracle.com.


New Ksplice updates for RHCK 6 (RHSA-2018:1965)

Synopsis: RHSA-2018:1965 can now be patched using Ksplice
CVEs: CVE-2012-6701 CVE-2015-8830 CVE-2016-8650 CVE-2017-12190 CVE-2017-15121 CVE-2017-18203 CVE-2017-2671 CVE-2017-6001 CVE-2017-7616 CVE-2017-7889 CVE-2017-8890 CVE-2017-9075 CVE-2017-9076 CVE-2017-9077 CVE-2018-1130 CVE-2018-5803

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle kernel update, RHSA-2018:1965.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running RHCK 6 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2012-6701, CVE-2015-8830: Denial of service in AIO.

Due to a missing length check, a userspace process could potentially
pass a very large IO control block to the kernel. A malicious user
could use this to cause denial of service.


* CVE-2016-8650: NULL pointer dereference in the key management subsystem.

A missing check in the Multiprecision maths library used to implement
RSA digital signature verification could lead to a NULL pointer
dereference. A local user could use this flaw to cause a denial-of-service.


* CVE-2017-2671: Use-after-free in ping implementation.

A race condition in the kernel ping implementation can result in a
use-after-free. A local attacker with access to ping sockets could use
this flaw to cause a kernel crash or escalate privileges.


* CVE-2017-7616: Information leak when setting memory policy.

A missing check when setting memory policy through set_mempolicy()
syscall could lead to a stack data leak. A local attacker could use this
flaw to leak information about running kernel and facilitate an attack.


* CVE-2017-7889: Permissions bypass via /dev/mem file.

The mm subsystem does not properly enforce the CONFIG_STRICT_DEVMEM
protection mechanism, which allows local users to read or write to
kernel memory locations via an application that opens the /dev/mem file.


* CVE-2017-8890: Denial-of-service in TCP and DCCP socket manipulation.

A failure to correctly initialise a structure can result in a double
free, leading to undefined behaviour. A local unprivileged attacker
could use this flaw to cause a denial-of-service or other unspecified
behaviour.


* CVE-2017-9075, CVE-2017-9076, CVE-2017-9077: Incorrectly copying list headers on socket clone causes denial-of-service.

When cloning sockets, several list headers are incorrectly copied to the
child sockets, which then leads to double-frees when both sockets are
closed, causing a kernel panic and denial-of-service.


* CVE-2017-12190: Denial-of-service in block I/O page merging.

A failure to decrement a reference count when merging block I/O pages
can result in a memory leak. A local user could use this flaw to cause a
denial-of-service.


* CVE-2017-15121: Denial of service when punching holes into files from Fuse.

A logic error when punching holes into files which do not end on a page
boundary in the Fuse filesystem could cause a kernel crash. A local user
with the ability to mount fuse filesystem could use this flaw to cause a
denial-of-service.


* CVE-2017-18203: Denial-of-service during device mapper destruction.

A race condition between creation and destruction of device mapper
objects can result in an assertion failure, leading to a kernel crash. A
local user could use this flaw to cause a denial-of-service.


* CVE-2018-5803: Denial-of-service when receiving forged packet over SCTP socket.

A missing check when receiving a forged packet with custom properties
over SCTP socket could lead to a kernel assert. A remote attacker could
use this flaw to cause a denial-of-service.


* CVE-2018-1130: Denial-of-service in DCCP message send.

A logic error in the dccp code could lead to a NULL pointer dereference
when transmitting messages, leading to a kernel panic. An attacker could
use this to cause a denial-of-service.


* CVE-2017-6001: Use-after-free in the perf subsystem on concurrent perf_event_open.

Incorrect locking in the perf subsystem could lead to a use-after-free on
concurrent perf_event_open(). A local unprivileged user could use this
flaw to potentially elevate privileges depending on the perf_event paranoid
setting.

SUPPORT

Ksplice support is available at ksplice-support_ww@oracle.com.


New Ksplice updates for RHCK 7 (RHSA-2018:1965)

Synopsis: RHSA-2018:1965 can now be patched using Ksplice
CVEs: CVE-2017-11600 CVE-2018-3639

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle kernel update, RHSA-2018:1965.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running RHCK 7 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2017-11600: Out-of-bounds access when using transformation user configuration interface.

A missing check on user input when sending XFRM_MSG_MIGRATE over
transformation user configuration interface (XFRM) socket could lead to
an out-of-bounds access. A local attacker could use this flaw to cause
a denial-of-service.


* Improved AMD fix to CVE-2018-3639: Speculative Store Bypass information leak.

The original vendor fix for CVE-2018-3639 did not expose the mitigation
to KVM guests on AMD or correctly handle symmetric multithreading (SMT)
systems.

This update enables the speculative store bypass mitigation full time to
protect guests and SMT systems by default on AMD systems and can be
manually enabled/disable by writing 1/0 to
/proc/sys/vm/ksplice_ssbd_control. The /proc/sys/vm/ksplice_ssbd_status
file reports the current mitigation status.

SUPPORT

Ksplice support is available at ksplice-support_ww@oracle.com.