Oracle Linux 6175 Published by

New Ksplice updates for UEKR4 4.1.12 on Oracle Linux 6 and 7 are available.

New Ksplice updates for UEKR4 4.1.12 on OL6 and OL7 (ELSA-2023-12759)

Synopsis: ELSA-2023-12759 can now be patched using Ksplice
CVEs: CVE-2022-1015 CVE-2023-3106 CVE-2023-3567

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2023-12759.
More information about this errata can be found at


We recommend that all users of Ksplice Uptrack running UEKR4 4.1.12 on
OL6 and OL7 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


* CVE-2023-3567: Information leak when using Virtual Terminal.

A logic error when using Virtual Terminal driver could lead to a
use-after-free. A local attacker could use this flaw to cause a denial-
of-service or leak sensitive information.

Orabug: 35649493

* CVE-2022-1015: Permission bypass when using netfilter.

A missing check on userspace input when using netfilter could lead to an
out-of-bounds access. A local attacker could use this flaw to escalate

Orabug: 34012909

* CVE-2023-3106: Denial-of-service in IP transform policy dump.

A failure to correctly handle error cases when dumping policy
information for IP transformation can result in the use of uninitialised
memory, leading to a kernel crash.

Orabug: 35598955


Ksplice support is available at