Synopsis: ELSA-2021-9474 can now be patched using Ksplice
CVEs: CVE-2020-26541 CVE-2021-37159 CVE-2021-3743 CVE-2021-38198 CVE-2021-40490

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2021-9474.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2021-9474.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR6 5.4.17 on
OL7 and OL8 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

DESCRIPTION

* CVE-2021-40490: Race condition in ext4 subsystem.

A logic error in the ext4 subsystem may lead to a race condition. This
may allow a local attacker to undermine system integrity and possibly
execute arbitrary code.

Orabug: 33327177

* Note: Oracle will not be providing an update for CVE-2020-26541.

This CVE is only applicable at boot time, so by the time Ksplice live
updates are applied, the relevant code has already run.

Orabug: 33418496

* Note: Oracle has determined that CVE-2021-3743 is not applicable.

Oracle has determined that CVE-2021-3743 is not applicable to x86.
Applying the patch has no resulting changes in the generated object
files.

Orabug: 33284937

* CVE-2021-37159: Code execution in Option USB High Speed Mobile device driver.

Improper error handling during device initialization in Option USB High
Speed Mobile device driver could lead to a use-after-free and a double
free. A local user could use this flaw to cause a denial-of-service or
possibly execute arbitrary code.

Orabug: 33174795

* CVE-2021-38198: Denial-of-service when using shadow paging with KVM guests.

A missing check when using shadow paging with KVM guests could lead to a
page fault. A local attacker could use this flaw to cause a
denial-of-service.

Orabug: 33209458

SUPPORT

Ksplice support is available at [email protected].
_______________________________________________
El-errata mailing list
[email protected]
https://oss.oracle.com/mailman/listinfo/el-errata
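A host-side check for the INSTALLING THE UPDATES section above, as an added example that is not part of the advisory or of Ksplice itself: it reads the autoinstall setting and tells you whether the host will pick the updates up on its own or needs the manual uptrack-upgrade run. The function names and the kernel release pattern (5.4.17-...el7uek/el8uek, as printed by uname -r) are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not Oracle's code): does this host need a manual
# "/usr/sbin/uptrack-upgrade -y" for ELSA-2021-9474?

# Print the autoinstall value from an uptrack.conf-style file
# ("key = value" lines, comment lines start with # or ;).
# Prints "unset" if the key is absent, "unreadable" if the file is.
uptrack_autoinstall() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    [ -r "$conf" ] || { echo "unreadable"; return 0; }
    awk -F= '
        /^[ \t]*[#;]/ { next }              # commented-out settings do not count
        {
            key = $1; val = $2
            gsub(/[ \t\r]/, "", key)
            gsub(/[ \t\r]/, "", val)
            if (tolower(key) == "autoinstall") found = tolower(val)
        }
        END { print (found == "" ? "unset" : found) }
    ' "$conf"
}

# "automatic" only for the exact condition the advisory names
# (autoinstall = yes); anything else is treated as "manual".
uptrack_action() {
    case $(uptrack_autoinstall "$1") in
        yes) echo "automatic" ;;
        *)   echo "manual" ;;
    esac
}

# Succeeds if a kernel release string is UEKR6 5.4.17 on OL7 or OL8.
# The el7uek/el8uek naming is an assumption of this example.
kernel_in_scope() {
    case $1 in
        5.4.17-*.el7uek.*|5.4.17-*.el8uek.*) return 0 ;;
        *) return 1 ;;
    esac
}

# Run as "sh check.sh report" on the host itself.
if [ "${1:-}" = "report" ]; then
    if kernel_in_scope "$(uname -r)"; then
        echo "kernel in scope; updates: $(uptrack_action)"
    else
        echo "kernel $(uname -r) is outside the scope of this advisory"
    fi
fi
```

A result of "manual" on an in-scope kernel means the updates arrive only after running the uptrack-upgrade command shown in the advisory.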
