Oracle Linux 6261 Published by

New Ksplice updates for UEKR4 4.1.12 are available for Oracle Linux 6 and 7.



El-errata: New Ksplice updates for UEKR4 4.1.12 on OL6 and OL7 (ELSA-2020-5708)


Synopsis: ELSA-2020-5708 can now be patched using Ksplice
CVEs: CVE-2017-1000371 CVE-2018-18281 CVE-2019-12819 CVE-2019-14896
CVE-2019-14897 CVE-2019-19057 CVE-2019-19524 CVE-2019-19528 CVE-2019-19537
CVE-2019-20636 CVE-2020-11608 CVE-2020-11609 CVE-2020-11668

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2020-5708.
More information about this errata can be found at
  https://linux.oracle.com/errata/ELSA-2020-5708.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR4 4.1.12 on
OL6 and OL7 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

DESCRIPTION

* CVE-2019-19057: Denial-of-service in the Marvell mwifiex PCIe driver.

Failure to handle error during initialization of Marvell mwifiex PCIe
driver leads to memory leak. An attacker could exploit this to exhaust
kernel memory that eventually may cause a denial-of-service.

Orabug: 31263147

* CVE-2020-11609: NULL pointer dereference when initializing STV06XX USB Camera
device.

A missing check on USB endpoints when initializing STV06XX USB Camera
device could lead to a NULL pointer dereference. A local attacker could
use this flaw and a malicious USB device to cause a denial-of-service.

Orabug: 31200579

* CVE-2017-1000371: Privilege escalation when executing a shared object file.

A logic error when loading shared object file with ELF format could
facilitate an exploit leading to privilege escalation.

Orabug: 31352068

* CVE-2019-14896, CVE-2019-14897: Denial-of-service when parsing BSS in Marvell
8xxx Libertas WLAN driver.

A missing check when parsing BSS in Marvell 8xxx Libertas WLAN driver
could lead to buffer overflows. A local attacker could use this flaw to
cause a denial-of-service.

Orabug: 31351307

* CVE-2019-19528: Denial-of-service when disconnecting IO Warrior USB device.

Logic errors when disconnecting IO Warrior USB device could lead to a
use-after-free. A local attacker could use this flaw to cause a
denial-of-service.

Orabug: 31351061

* CVE-2019-19524: Use-after-free when unregistering memoryless force-feedback
driver.

A missing free of a timer when unregistering memoryless force-feedback
driver could lead to a use-after-free. A local attacker could use this
flaw to cause a denial-of-service.

Orabug: 31213691

* CVE-2020-11668: NULL pointer dereference when initializing Xirlink C-It USB
camera device.

A missing check on USB endpoints when initializing Xirlink C-It USB
camera device could lead to a NULL pointer dereference. A local attacker
could use this flaw and a malicious USB device to cause a
denial-of-service.

Orabug: 31213767

* CVE-2019-19537: Denial-of-service in USB character device registration.

Incorrect locking when registering and deregistering a USB character
device could result in a use-after-free and kernel crash. A local user
with the ability to insert USB devices could use this flaw to crash the
system.

Orabug: 31317667

* CVE-2020-11608: NULL pointer dereference when initializing USB GSPCA based
webcams.

A missing check on exposed endpoint numbers from USB GSPCA based webcams
could lead to a NULL pointer dereference. A local attacker could use a
malicious USB device to cause a denial-of-service.

Orabug: 31213758

* CVE-2019-12819: Use-after-free during initialization of MDIO bus driver.

A failure to correctly handle device registration failure of the MDIO bus
driver can result in a use-after-free. A local user with the ability to
hot-plug a network device could use this flaw to cause a denial-of-service or
escalate privileges.

Orabug: 31222292

* CVE-2018-18281: Information leak in mremap syscall.

A logic error in the mremap code could allow one process to access
memory of a different process.

Orabug: 31352011

* CVE-2019-20636: Out-of-bounds write via crafted keycode table.

A validation error when parsing a keycode table supplied by userspace to
an input device can result in an out-of-bounds write. A local user with
the ability to configure an input device could use this flaw to cause a
denial-of-service or potentially escalate privileges.

Orabug: 31200558

SUPPORT

Ksplice support is available at ksplice-support_ww@oracle.com.