Oracle Linux 6277 Published by

New Ksplice updates for RHCK 7 has been released.



El-errata: New Ksplice updates for RHCK 7 (ELSA-2020-0834)


Synopsis: ELSA-2020-0834 can now be patched using Ksplice
CVEs: CVE-2019-11487 CVE-2019-17666 CVE-2019-19338

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2020-0834.
More information about this errata can be found at
  https://linux.oracle.com/errata/ELSA-2020-0834.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running RHCK 7 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

DESCRIPTION

* CVE-2019-11487: Invalid memory access when overflowing pages refcount.

A reference count issue could let an attacker overflow pages reference
count and leads to invalid memory accesses. A local attacker could use
this flaw to cause a denial-of-service.

* CVE-2019-17666: Remote code execution in Realtek peer-to-peer Wifi.

Missing validation could result in a kernel buffer overflow and
potentially code-execution. A remote attacker in proximity to the
device could use this flaw to crash the system or potentially, execute
code.

* CVE-2019-19338: Missing Intel TAA mitigation in KVM guests.

The original vendor fix for CVE-2019-11135 did not correctly pass
through mitigation status to KVM guests which could result in guests not
fully mitigating against TAA. This update forcibly disables TSX on
affected hosts so that guests do not need runtime changes. A new
control, /sys/kernel/debug/x86/tsx_force_abort is added to disable TSX,
defaulting to 1 on vulnerable systems, writing 0 to this file will
re-enable TSX but potentially leave guests vulnerable.

SUPPORT

Ksplice support is available at ksplice-support_ww@oracle.com.