Oracle Linux 6279 Published by

The following updates has been released for Oracle Linux 6:

ELBA-2018-4101 Oracle Linux 6 initscripts bug fix update
New Ksplice updates for RHCK 6 (ELSA-2018-1319)



ELBA-2018-4101 Oracle Linux 6 initscripts bug fix update

Oracle Linux Bug Fix Advisory ELBA-2018-4101

http://linux.oracle.com/errata/ELBA-2018-4101.html

The following updated rpms for Oracle Linux 6 have been uploaded to the
Unbreakable Linux Network:

i386:
debugmode-9.03.58-1.0.3.el6_9.2.i686.rpm
initscripts-9.03.58-1.0.3.el6_9.2.i686.rpm

x86_64:
debugmode-9.03.58-1.0.3.el6_9.2.x86_64.rpm
initscripts-9.03.58-1.0.3.el6_9.2.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/initscripts-9.03.58-1.0.3.el6_9.2.src.rpm



Description of changes:

[9.03.58-1.0.3.el6_9.2]
- fix netfs to kill the process post lazy umount [orabug: 27779817]

[9.03.58-1.0.2.el6_9.2]
- initscripts: Run a custom script if exists before force reboot after
autorelabel [Orabug: 27262792]

New Ksplice updates for RHCK 6 (ELSA-2018-1319)

Synopsis: ELSA-2018-1319 can now be patched using Ksplice
CVEs: CVE-2017-1000410 CVE-2017-13166 CVE-2017-18017 CVE-2017-7645 CVE-2017-8824 CVE-2018-8897

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2018-1319.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running RHCK 6 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2018-8897: Denial-of-service in KVM breakpoint handling.

Incorrect stack management of data watchpoints and breakpoints could
allow an unprivileged user to crash the system.

OraBug: 27895351


* CVE-2017-1000410: Information leak in Bluetooth L2CAP messages.

Incorrect handling of short EFS elements in an L2CAP message could allow
an attacker to leak the contents of kernel memory.


* CVE-2017-18017: Use-after-free when using TCPMSS Netfilter.

A missing check in the netfilter TCP MSS code could lead to a
use-after-free condition. A remote attacker could exploit this
to cause a denial of service.


* CVE-2017-8824: Privilege escalation when calling disconnect() system call on a DCCP socket.

A missing free when calling disconnect() system call on a DCCP socket
while it is in DCCP_LISTEN state could lead to a use-after-free. A local
attacker could use this flaw to escalate privileges.


* CVE-2017-13166: Privilege escalation when using V4L2 ioctls.

Logic errors in multiple V4L2 ioctls could lead to arbitrary execution
of user space defined addresses. A local attacker could use this flaw to escalate
privileges.


* CVE-2017-7645: Remote denial-of-service in NFSv2/NFSv3 server.

Due to missing input validation, long NFSv2/NFSv3 RPC requests could
cause a kernel crash. A malicious remote client could use this to
send a specially crafted message and cause a denial-of-service.


The Oracle Ksplice development team has determined that mitigations for
the Intel processor design flaws leading to vulnerability
CVE-2017-5754 cannot be applied using zero-downtime (Ksplice) patching. Oracle
therefore recommends that customers running a 32-bit kernel install the
required updates from their systems and hardware vendors as they become
available and reboot these machines upon applying these patches.

SUPPORT

Ksplice support is available at ksplice-support_ww@oracle.com.