El-errata: New Ksplice updates for UEKR6 5.4.17 on OL7 and OL8 (ELSA-2021-9007)
Synopsis: ELSA-2021-9007 can now be patched using Ksplice
CVEs: CVE-2020-14351 CVE-2020-14381 CVE-2020-25705 CVE-2020-28374 CVE-2020-29568 CVE-2020-29569
Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2021-9007. More
information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2021-9007.html
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running UEKR6 5.4.17 on
OL7 and OL8 install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
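As an added illustration of the install guidance above (not part of Oracle's advisory or of the Ksplice tooling), a POSIX shell script that checks whether a host runs a UEKR6 5.4.17 kernel and whether "autoinstall = yes" is set in uptrack.conf, and reports whether uptrack-upgrade has to be run by hand. The kernel release strings and config contents are constructed samples, and the `5.4.17-*uek*` release pattern is an assumption.

```shell
#!/bin/sh
# Added example: decide what a host needs for ELSA-2021-9007 from its
# kernel release and its Ksplice Uptrack configuration.

# Return 0 if the kernel release string looks like a UEKR6 5.4.17 kernel.
# The pattern is an assumption; real input comes from `uname -r`.
is_uekr6_5417() {
    case "$1" in
        5.4.17-*uek*) return 0 ;;
        *)            return 1 ;;
    esac
}

# Return 0 if "autoinstall = yes" is set in the given uptrack.conf.
# Comments after '#' and surrounding whitespace are ignored; the value
# is matched case-insensitively. A missing or unreadable file counts as "no".
autoinstall_enabled() {
    conf="${1:-/etc/uptrack/uptrack.conf}"
    [ -r "$conf" ] || return 1
    sed -e 's/#.*//' "$conf" \
      | grep -iq '^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*yes[[:space:]]*$'
}

# Print one word describing the action for this host:
#   n/a    - not a UEKR6 5.4.17 kernel, this advisory does not apply
#   auto   - Ksplice will install the updates on its own
#   manual - run: /usr/sbin/uptrack-upgrade -y
recommended_action() {
    kernel="$1"
    conf="$2"
    if ! is_uekr6_5417 "$kernel"; then
        echo "n/a"
    elif autoinstall_enabled "$conf"; then
        echo "auto"
    else
        echo "manual"
    fi
}

# Read-only report for the current host. CVE-2020-29568 and CVE-2020-14381
# have no live patch in this advisory, so a reboot is still needed even
# when Ksplice is fully up to date.
action=$(recommended_action "$(uname -r)" /etc/uptrack/uptrack.conf)
echo "ksplice action: $action"
[ "$action" = "n/a" ] || echo "reboot still required for CVE-2020-29568 and CVE-2020-14381"
```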
DESCRIPTION
* CVE-2020-28374: Access control bypass when reading or writing TCM devices.
Lack of validation against the session's list when matching a Target Core
Mod (TCM) device during an eXtended COPY (XCOPY) operation leads to access
control bypass. Attackers with access to one device could read and write
from/to other devices they should not have access to.
Orabug: 32248032
* Note: Oracle will not be providing a rebootless update for CVE-2020-29568.
Oracle has determined that patching this vulnerability live on a running system
would not be safe and recommends rebooting the vulnerable hosts.
Orabug: 32253412
* CVE-2020-25705: ICMP rate-limiter can indirectly leak UDP port information.
The predictability of the rate at which ICMP messages are rate-limited
can be used by attackers to effectively scan for open UDP ports on a
remote system.
* CVE-2020-14351: Privilege escalation in perf subsystem due to use-after-free.
A flaw in the perf subsystem could lead to a use-after-free memory
error. This flaw could allow a local attacker with permission to monitor
perf events to corrupt memory and possibly escalate privileges.
* CVE-2020-29569: Use-after-free when disconnecting Xen block devices.
A logic error when disconnecting Xen block devices may cause a use-after-free.
A rogue guest instance may be able to use this to cause a Denial-of-Service
on dom0.
Orabug: 32260256
* Note: Oracle will not provide a live update for CVE-2020-14381.
Oracle has determined that patching this vulnerability live on a running
system would not be safe and recommends rebooting the affected hosts.
The vulnerability applies to hosts with untrusted users being able to
create futexes on a filesystem that is about to be unmounted, and as such
requires a privileged user to unmount the filesystem at the right time to
be leveraged.
Orabug: 32233515
SUPPORT
Ksplice support is available at ksplice-support_ww@oracle.com.
New Ksplice updates for UEKR6 5.4.17 on Oracle Linux 7 and 8 have been released.