SCIENTIFIC-LINUX-ERRATA Archives

July 2013

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

From: Bonnie King
Date: Wed, 17 Jul 2013 16:44:41 +0000

Synopsis:          Moderate: kernel security and bug fix update
Advisory ID:       SLSA-2013:1051-1
Issue Date:        2013-07-16
CVE Numbers:       CVE-2013-0914
                   CVE-2013-1848
                   CVE-2013-2634
                   CVE-2013-2635
                   CVE-2013-3222
                   CVE-2013-3224
                   CVE-2013-3225
                   CVE-2012-6548
                   CVE-2013-3301
                   CVE-2013-2128
                   CVE-2013-2852
--

This update fixes the following security issues:

* A flaw was found in the tcp_read_sock() function in the Linux kernel's
IPv4 TCP/IP protocol suite implementation in the way socket buffers (skb)
were handled. A local, unprivileged user could trigger this issue via a
call to splice(), leading to a denial of service. (CVE-2013-2128,
Moderate)

* Information leak flaws in the Linux kernel could allow a local,
unprivileged user to leak kernel memory to user-space. (CVE-2012-6548,
CVE-2013-2634, CVE-2013-2635, CVE-2013-3222, CVE-2013-3224, CVE-2013-3225,
Low)

* An information leak was found in the Linux kernel's POSIX signals
implementation. A local, unprivileged user could use this flaw to bypass
the Address Space Layout Randomization (ASLR) security feature.
(CVE-2013-0914, Low)

* A format string flaw was found in the ext3_msg() function in the Linux
kernel's ext3 file system implementation. A local user who is able to
mount an ext3 file system could use this flaw to cause a denial of service
or, potentially, escalate their privileges. (CVE-2013-1848, Low)

* A format string flaw was found in the b43_do_request_fw() function in
the Linux kernel's b43 driver implementation. A local user who is able to
specify the "fwpostfix" b43 module parameter could use this flaw to cause
a denial of service or, potentially, escalate their privileges.
(CVE-2013-2852, Low)

* A NULL pointer dereference flaw was found in the Linux kernel's ftrace
and function tracer implementations. A local user who has the
CAP_SYS_ADMIN capability could use this flaw to cause a denial of service.
(CVE-2013-3301, Low)

The system must be rebooted for this update to take effect.
--

SL6
  x86_64
    kernel-2.6.32-358.14.1.el6.x86_64.rpm
    kernel-debug-2.6.32-358.14.1.el6.x86_64.rpm
    kernel-debug-debuginfo-2.6.32-358.14.1.el6.x86_64.rpm
    kernel-debug-devel-2.6.32-358.14.1.el6.x86_64.rpm
    kernel-debuginfo-2.6.32-358.14.1.el6.x86_64.rpm
    kernel-debuginfo-common-x86_64-2.6.32-358.14.1.el6.x86_64.rpm
    kernel-devel-2.6.32-358.14.1.el6.x86_64.rpm
    kernel-headers-2.6.32-358.14.1.el6.x86_64.rpm
    perf-2.6.32-358.14.1.el6.x86_64.rpm
    perf-debuginfo-2.6.32-358.14.1.el6.x86_64.rpm
    python-perf-debuginfo-2.6.32-358.14.1.el6.x86_64.rpm
    python-perf-2.6.32-358.14.1.el6.x86_64.rpm
  i386
    kernel-2.6.32-358.14.1.el6.i686.rpm
    kernel-debug-2.6.32-358.14.1.el6.i686.rpm
    kernel-debug-debuginfo-2.6.32-358.14.1.el6.i686.rpm
    kernel-debug-devel-2.6.32-358.14.1.el6.i686.rpm
    kernel-debuginfo-2.6.32-358.14.1.el6.i686.rpm
    kernel-debuginfo-common-i686-2.6.32-358.14.1.el6.i686.rpm
    kernel-devel-2.6.32-358.14.1.el6.i686.rpm
    kernel-headers-2.6.32-358.14.1.el6.i686.rpm
    perf-2.6.32-358.14.1.el6.i686.rpm
    perf-debuginfo-2.6.32-358.14.1.el6.i686.rpm
    python-perf-debuginfo-2.6.32-358.14.1.el6.i686.rpm
    python-perf-2.6.32-358.14.1.el6.i686.rpm
  noarch
    kernel-doc-2.6.32-358.14.1.el6.noarch.rpm
    kernel-firmware-2.6.32-358.14.1.el6.noarch.rpm

- Scientific Linux Development Team
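
The advisory states that the update takes effect only after a reboot, so a host can have the fixed package installed while still running a vulnerable kernel. The following added example (not part of the advisory or of any Scientific Linux tooling) classifies a host by comparing the running kernel release and the newest installed kernel package against the fixed release 2.6.32-358.14.1.el6 from the package list above. The function names and status strings are this example's own.

```sh
#!/bin/sh
# Added example, not part of the advisory. FIXED is the version-release
# from the SL6 package list; function names are this example's own.
FIXED="2.6.32-358.14.1.el6"

# "2.6.32-358.14.1.el6.x86_64" -> "2 6 32 358 14 1" (drop dist tag and arch).
numeric_fields() {
    printf '%s\n' "$1" | sed -e 's/\.el[0-9].*$//' -e 's/[.-]/ /g'
}

# Succeed when version $1 >= version $2, comparing numeric fields left to
# right; a missing field counts as 0, so 358 sorts below 358.14.1.
version_ge() {
    a=$(numeric_fields "$1"); b=$(numeric_fields "$2")
    set -- $a
    for want in $b; do
        have=${1:-0}
        if [ $# -gt 0 ]; then shift; fi
        if [ "$have" -gt "$want" ]; then return 0; fi
        if [ "$have" -lt "$want" ]; then return 1; fi
    done
    return 0
}

# Classify from the running release (uname -r) and the newest installed
# kernel package. Prints patched, reboot-needed, update-needed or not-applicable.
kernel_status() {
    running=$1; installed=$2
    case $running in
        *.el6*) ;;
        *) echo not-applicable; return 0 ;;
    esac
    if version_ge "$running" "$FIXED"; then echo patched
    elif version_ge "$installed" "$FIXED"; then echo reboot-needed
    else echo update-needed
    fi
}

# On a real host: collect the inputs with rpm and uname, then classify.
check_host() {
    vers=$(rpm -q kernel --qf '%{VERSION}-%{RELEASE}\n' 2>/dev/null) || {
        echo not-applicable; return 0; }
    newest=0
    for v in $vers; do
        if version_ge "$v" "$newest"; then newest=$v; fi
    done
    kernel_status "$(uname -r)" "$newest"
}
```

Call `check_host` on an SL6 machine; `reboot-needed` means the fixed package is installed but the running kernel predates it.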