New Ksplice updates for UEKR4 4.1.12 on OL6 and OL7 (ELSA-2023-12759)
Synopsis: ELSA-2023-12759 can now be patched using Ksplice
CVEs: CVE-2022-1015 CVE-2023-3106 CVE-2023-3567
Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2023-12759.
More information about this errata can be found at
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running UEKR4 4.1.12 on
OL6 and OL7 install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
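The following is an added example, not part of the Oracle advisory or of Ksplice itself: a shell check that reports whether a host is in scope for these updates and whether it will pick them up automatically or needs the manual command above. It assumes UEK release strings of the form 4.1.12-*.el6uek.* / 4.1.12-*.el7uek.*, and that a missing autoinstall key means "no"; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: classify a host for this advisory's install procedure.

# Succeeds if a `uname -r` string is a UEKR4 4.1.12 kernel on OL6 or OL7.
# Assumption: release strings look like 4.1.12-<build>.el7uek.<arch>.
advisory_applies() {
    case "$1" in
        4.1.12-*.el6uek.*|4.1.12-*.el7uek.*) return 0 ;;
        *) return 1 ;;
    esac
}

# Prints the effective autoinstall value (lowercased) from an
# uptrack.conf-style file. Comment lines are skipped, the last assignment
# wins, and a missing key is reported as "no" (assumption).
autoinstall_value() {
    awk -F= '
        /^[ \t]*[#;]/ { next }
        {
            key = $1; gsub(/[ \t\r]/, "", key)
            if (tolower(key) == "autoinstall") {
                val = $2; gsub(/[ \t\r]/, "", val); found = tolower(val)
            }
        }
        END { print (found == "" ? "no" : found) }
    ' "$1"
}

# Prints one of: not-applicable, automatic, manual.
# $1 = kernel release string, $2 = path to uptrack.conf
update_action() {
    if ! advisory_applies "$1"; then
        echo "not-applicable"
    elif [ "$(autoinstall_value "$2")" = "yes" ]; then
        echo "automatic"
    else
        echo "manual"   # run: /usr/sbin/uptrack-upgrade -y
    fi
}

# Report for the local host when the Uptrack configuration is readable.
if [ -r /etc/uptrack/uptrack.conf ]; then
    update_action "$(uname -r)" /etc/uptrack/uptrack.conf
fi
```

A result of "manual" means the host runs an affected kernel with autoinstall disabled, so the updates are not applied until uptrack-upgrade is run.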
* CVE-2023-3567: Information leak when using Virtual Terminal.
A logic error when using the Virtual Terminal driver could lead to a
use-after-free. A local attacker could use this flaw to cause a denial-
of-service or leak sensitive information.
* CVE-2022-1015: Permission bypass when using netfilter.
A missing check on userspace input when using netfilter could lead to an
out-of-bounds access. A local attacker could use this flaw to escalate
* CVE-2023-3106: Denial-of-service in IP transform policy dump.
A failure to correctly handle error cases when dumping policy
information for IP transformation can result in the use of uninitialised
memory, leading to a kernel crash.
Ksplice support is available at firstname.lastname@example.org.