El-errata: New Ksplice updates for UEKR2 2.6.39 on OL5 and OL6 (ELBA-2020-5842)
Synopsis: ELBA-2020-5842 can now be patched using Ksplice
CVEs: CVE-2019-19054 CVE-2020-14331
Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Bug Fix Advisory, ELBA-2020-5842.
More information about this errata can be found at
https://linux.oracle.com/errata/ELBA-2020-5842.html
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running UEKR2 2.6.39 on
OL5 and OL6 install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
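Added example (not part of the Oracle advisory): a shell check that reports whether a host will receive these updates automatically or needs the manual command above, ignoring commented-out settings. It assumes the autoinstall key sits in the [Settings] section of uptrack.conf; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the Oracle advisory.
# Assumption: "autoinstall" sits in the [Settings] section of uptrack.conf
# and only the value "yes" (any case) enables it.

# autoinstall_enabled FILE: exit 0 only if the last uncommented
# autoinstall key under [Settings] is "yes".
autoinstall_enabled() {
    [ -r "$1" ] || return 1
    value=$(awk '
        { sub(/\r$/, ""); sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }
        $0 == "" || /^[#;]/ { next }          # blank lines and comments
        /^\[.*\]$/ { section = $0; next }     # track the current section
        section == "[Settings]" {
            eq = index($0, "=")
            if (eq == 0) next
            key = tolower(substr($0, 1, eq - 1))
            val = tolower(substr($0, eq + 1))
            gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
            if (key == "autoinstall") last = val   # last assignment wins
        }
        END { print last }
    ' "$1")
    [ "$value" = "yes" ]
}

# patch_action FILE: print what the host needs for this advisory.
patch_action() {
    if [ ! -r "$1" ]; then
        echo "no-config"
    elif autoinstall_enabled "$1"; then
        echo "automatic"
    else
        echo "manual: /usr/sbin/uptrack-upgrade -y"
    fi
}

# Constructed sample (not from a real host): the only "yes" is commented out,
# so a plain grep for "autoinstall = yes" would wrongly report it as covered.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Auth]
accesskey = PLACEHOLDER
[Settings]
# autoinstall = yes
autoinstall = no
EOF
patch_action "$sample"
rm -f "$sample"
```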
DESCRIPTION
* CVE-2019-19054: Denial-of-service in the cx2388x tv card driver.
Failure to handle an error during initial setup in the cx2388x tv card
driver causes a memory leak. An attacker could exploit this to cause a
denial-of-service.
Orabug: 31351676
* CVE-2020-14331: Out-of-bounds writes in ioctls of Console display driver.
Out-of-bounds writes in ioctls of the Console display driver could happen
when calling the VT_RESIZE ioctl to resize the console. This flaw could
allow a local user with access to the VGA console to crash the system or
potentially escalate their privileges on the system.
Orabug: 31705125
SUPPORT
Ksplice support is available at ksplice-support_ww@oracle.com.
New Ksplice updates for UEKR2 2.6.39 on Oracle Linux 5 and 6 are available.