El-errata: New Ksplice updates for UEKR4 4.1.12 on OL6 and OL7 (ELSA-2020-5926)
Synopsis: ELSA-2020-5926 can now be patched using Ksplice
CVEs: CVE-2016-7913 CVE-2020-25643
Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2020-5926.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2020-5926.html
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running UEKR4 4.1.12 on
OL6 and OL7 install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
DESCRIPTION
* CVE-2020-25643: Memory corruption in WAN HDLC-PPP due to missing error checking.
A missing error handling code in WAN HDLC-PPP implementation could lead
to a memory corruption. A local user could use this flaw to cause
a denial-of-service or an arbitrary code execution.
Orabug: 31989190
* Information leak in netfilter batch netlink message processing.
The netfilter netlink interface does not correctly handle batch messages
with invalid lengths which can cause the contents of kernel memory to be
leaked to userspace. A local user with CAP_NET_ADMIN could potentially
escalate privileges.
Orabug: 30658635
* CVE-2016-7913: Use-after-free when configuring xc2028 tuner driver.
A use-after-free vulnerability in xc2028 tuner driver allows local
users to gain privileges or cause a denial of service by omitting the
firmware name from a certain data structure.
Orabug: 30658659
SUPPORT
Ksplice support is available at ksplice-support_ww@oracle.com.
New Ksplice updates for UEKR4 4.1.12 on Oracle Linux 6 and Oracle Linux 7.