Oracle Linux 6266 Published by

New Ksplice updates for UEKR4 4.1.12 on Oracle Linux 6 and 7.



El-errata: New Ksplice updates for UEKR4 4.1.12 on OL6 and OL7 (ELSA-2020-5837)


Synopsis: ELSA-2020-5837 can now be patched using Ksplice
CVEs: CVE-2017-16644 CVE-2019-19062 CVE-2019-19535 CVE-2019-19536 CVE-2019-20811 CVE-2020-10732

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2020-5837.
More information about this errata can be found at
  https://linux.oracle.com/errata/ELSA-2020-5837.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR4 4.1.12 on
OL6 and OL7 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

DESCRIPTION

* CVE-2017-16644: Denial-of-service in Hauppauge HD PVR driver.

Incorrect error handling during device probe for a Hauppauge HD PVR
device could result in a kernel crash. A user with physical access to
the system and a malicious device could use this flaw to crash the
system.

Orabug: 31352053

* CVE-2019-20811: Denial-of-service in network device sysfs system.

An inability to correctly handle an error condition when adding certain objects
in the net sysfs code could lead to an invalid refcount and thus a memory leak.
This could be used for a denial-of-service attack.

Orabug: 31687545

* Denial-of-service when registering a new binary type.

A logic error when registering a new binary type with a too big offset
could lead to an overflow. A local attacker could use this flaw to cause
a denial-of-service.

Orabug: 31588258

* CVE-2019-19535, CVE-2019-19536: Information leak when initializing PCAN-USB device.

When loading a PCAN-USB driver, kernel passes an uninitialized buffer
to the device. This could leak privileged kernel memory to the device
and allow a malicious device to escalate privilege.

Orabug: 31351221

* CVE-2019-19062: Denial-of-service in the crypto subsystem.

Incomplete error handling while reporting statistics through procfs
in the crypto subsystem leads to memory leak. An unprivileged local
user could exploit this to exhaust kernel memory and cause a
denial-of-service.

Orabug: 31351640

* Don't return an ACK on some RDMA netlink operations.

Some netlink functions were always returning an ack of skb->len. This
wasn't desired behavior, so the functions changed to return 0 on success.

Orabug: 31666975

* CVE-2020-10732: Information leak in corefiles in per-thread info.

When generating a corefile, the per-thread core information is not
properly sanitized, potentially leaking sensitive kernel data into the
filesystem.

Orabug: 31350639

* Connection failure after RDS peer reboot.

A logic error when detecting duplicate RDS packets can result in
connection failures after a peer node reboots.

Orabug: 31648141

* Denial-of-service using XFS filesystem.

A logic error when using XFS filesystem could lead to kernel assert. A
local attacker could use this flaw to cause a denial-of-service.

Orabug: 31744270

* Race condition when sending IB subnet MAD causes denial-of-service.

When allocating an Infiniband management diagram packet for the
Infiniband subnet manager, the request data might be freed before the
diagram is fully transmitted, resulting in a use-after-free and
denial-of-service.

Orabug: 31656992

SUPPORT

Ksplice support is available at ksplice-support_ww@oracle.com.