Oracle Linux 6264 Published by

New Ksplice updates for UEKR2 2.6.39 on Oracle Linux 5 and 6 are available.



El-errata: New Ksplice updates for UEKR2 2.6.39 on OL5 and OL6 (ELBA-2020-5842)


Synopsis: ELBA-2020-5842 can now be patched using Ksplice
CVEs: CVE-2019-19054 CVE-2020-14331

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Bug Fix Advisory, ELBA-2020-5842.
More information about this errata can be found at
  https://linux.oracle.com/errata/ELBA-2020-5842.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR2 2.6.39 on
OL5 and OL6 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

DESCRIPTION

* CVE-2019-19054: Denial-of-service in the cx2388x tv card driver.

Failure to handle error during initial setup on in the cx2388x tv card
driver causes memory leak. An attacker could exploit this to cause a
denial-of-service.

Orabug: 31351676

* CVE-2020-14331: Out-of-bounds writes in ioctls of Console display driver.

Out-of-bounds writes in ioctls of Console display driver could happen
when calling an ioctl VT_RESIZE in order to resize the console. This
flaw could allow a local user with access to the VGA console to crash
the system or potentially escalating their privileges on the system.

Orabug: 31705125

SUPPORT

Ksplice support is available at ksplice-support_ww@oracle.com.