Synopsis: ELBA-2022-0063-1 can now be patched using Ksplice CVEs: CVE-2020-25704 CVE-2020-36322 CVE-2021-28950 CVE-2021-42739
Users with Oracle Linux Premier Support can now use Ksplice to patch against the latest Oracle Linux Bug Fix Advisory, ELBA-2022-0063-1. More information about this errata can be found at https://linux.oracle.com/errata/ELBA-2022-0063-1.html INSTALLING THE UPDATES We recommend that all users of Ksplice Uptrack running Oracle Enhanced RHCK 7 install these updates. On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf, these updates will be installed automatically and you do not need to take any action. Alternatively, you can install these updates by running: # /usr/sbin/uptrack-upgrade -y DESCRIPTION * CVE-2021-42739: Buffer overflow in FireDTV firewire DVB receiver driver. The FireDTV firewire DVB receiver driver contains a buffer overflow when processing a Program Map Table entry. A malicious device might exploit this to overwrite memory and cause a denial-of-service. * CVE-2020-25704: Denial-of-service in the performance monitoring subsystem. A possible memory leak when setting performance monitoring filter could lead to kernel memory exhaustion. A local attacker could use this flaw to cause a denial-of-service. * Note: Oracle will not provide a zero-downtime update for CVE-2020-36322 and CVE-2021-28950. CVE-2020-36322 and CVE-2021-28950 are both scored CVSSv3 5.5 and are present in the fuse driver, which allows userspace drivers for filesystems. Both CVEs allow an unprivileged user with access to a mounted fuse filesystem to potentially cause a denial-of-service through either a crash of the filesystem driver or infinite loop in kernel. Hosts without the fuse driver loaded or without any fuse filesystems mounted are not affected by this issue. Oracle has determined that patching CVE-2020-36322 and CVE-2021-28950 on a running system would not be safe and recommends a reboot if fuse is used on the host and unprivileged users are allowed to access a mounted fuse filesystem. SUPPORT Ksplice support is available at [email protected]. _______________________________________________ El-errata mailing list [email protected] https://oss.oracle.com/mailman/listinfo/el-errata
