SCIENTIFIC-LINUX-ERRATA Archives

February 2014

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

From: Pat Riehecky
Date: Wed, 12 Feb 2014 08:13:34 -0600

Synopsis:     Important: kernel security and bug fix update
Advisory ID:  SLSA-2014:0159-1
Issue Date:   2014-02-11
CVE Numbers:  CVE-2013-2929
              CVE-2013-6381
              CVE-2013-7263
              CVE-2013-7265
--

* A buffer overflow flaw was found in the way the qeth_snmp_command()
function in the Linux kernel's QETH network device driver implementation
handled SNMP IOCTL requests with an out-of-bounds length. A local,
unprivileged user could use this flaw to crash the system or, potentially,
escalate their privileges on the system. (CVE-2013-6381, Important)

* A flaw was found in the way the get_dumpable() function return value was
interpreted in the ptrace subsystem of the Linux kernel. When
'fs.suid_dumpable' was set to 2, a local, unprivileged user could
use this flaw to bypass intended ptrace restrictions and obtain
potentially sensitive information. (CVE-2013-2929, Low)

* It was found that certain protocol handlers in the Linux kernel's
networking implementation could set the addr_len value without
initializing the associated data structure. A local, unprivileged user
could use this flaw to leak kernel stack memory to user space using the
recvmsg, recvfrom, and recvmmsg system calls. (CVE-2013-7263,
CVE-2013-7265, Low)

The system must be rebooted for this update to take effect.
--

SL6
   x86_64
     kernel-2.6.32-431.5.1.el6.x86_64.rpm
     kernel-debug-2.6.32-431.5.1.el6.x86_64.rpm
     kernel-debug-debuginfo-2.6.32-431.5.1.el6.x86_64.rpm
     kernel-debug-devel-2.6.32-431.5.1.el6.x86_64.rpm
     kernel-debuginfo-2.6.32-431.5.1.el6.x86_64.rpm
     kernel-debuginfo-common-x86_64-2.6.32-431.5.1.el6.x86_64.rpm
     kernel-devel-2.6.32-431.5.1.el6.x86_64.rpm
     kernel-headers-2.6.32-431.5.1.el6.x86_64.rpm
     perf-2.6.32-431.5.1.el6.x86_64.rpm
     perf-debuginfo-2.6.32-431.5.1.el6.x86_64.rpm
     python-perf-debuginfo-2.6.32-431.5.1.el6.x86_64.rpm
     python-perf-2.6.32-431.5.1.el6.x86_64.rpm
   i386
     kernel-2.6.32-431.5.1.el6.i686.rpm
     kernel-debug-2.6.32-431.5.1.el6.i686.rpm
     kernel-debug-debuginfo-2.6.32-431.5.1.el6.i686.rpm
     kernel-debug-devel-2.6.32-431.5.1.el6.i686.rpm
     kernel-debuginfo-2.6.32-431.5.1.el6.i686.rpm
     kernel-debuginfo-common-i686-2.6.32-431.5.1.el6.i686.rpm
     kernel-devel-2.6.32-431.5.1.el6.i686.rpm
     kernel-headers-2.6.32-431.5.1.el6.i686.rpm
     perf-2.6.32-431.5.1.el6.i686.rpm
     perf-debuginfo-2.6.32-431.5.1.el6.i686.rpm
     python-perf-debuginfo-2.6.32-431.5.1.el6.i686.rpm
     python-perf-2.6.32-431.5.1.el6.i686.rpm
   noarch
     kernel-abi-whitelists-2.6.32-431.5.1.el6.noarch.rpm
     kernel-doc-2.6.32-431.5.1.el6.noarch.rpm
     kernel-firmware-2.6.32-431.5.1.el6.noarch.rpm

- Scientific Linux Development Team
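
A check for the reboot requirement and the 'fs.suid_dumpable' condition described above, as an added example that is not part of the original advisory: it compares a `uname -r` string against the fixed SL6 build from the package list with a simplified RPM-style version compare. The function names are hypothetical, and treating every later el6 build as fixed is an assumption.

```python
import re

# Fixed SL6 kernel build, taken from the advisory's package list.
FIXED_RELEASE = "2.6.32-431.5.1.el6"

def _segments(s):
    # Split into numeric and alphabetic runs, the units rpm compares.
    return re.findall(r"\d+|[A-Za-z]+", s)

def rpm_cmp(a, b):
    """Simplified rpmvercmp returning -1, 0 or 1 (no '~' or '^' handling)."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric run sorts above an alphabetic one
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def assess(uname_r, suid_dumpable):
    """Assess a running kernel string and the fs.suid_dumpable value."""
    # Accept only el6 kernels; drop the trailing arch or '.debug' suffix.
    m = re.match(r"^([\d.]+)-([\w.]+?\.el6)(?:\.|$)", uname_r)
    if not m:
        return {"applicable": False}
    fixed_ver, fixed_rel = FIXED_RELEASE.split("-")
    older = (rpm_cmp(m.group(1), fixed_ver) or rpm_cmp(m.group(2), fixed_rel)) < 0
    return {
        "applicable": True,
        # Assumption: builds at or above the fixed release carry the fixes.
        "running_fixed_kernel": not older,
        # CVE-2013-2929 needs an unfixed kernel and fs.suid_dumpable == 2.
        "ptrace_bypass_precondition": older and suid_dumpable == 2,
    }

if __name__ == "__main__":
    import platform
    try:
        with open("/proc/sys/fs/suid_dumpable") as f:
            dumpable = int(f.read())
    except OSError:
        dumpable = None  # sysctl not readable on this host
    # platform.release() is the running kernel, so a host that installed the
    # update but has not rebooted still reports the old build here.
    print(assess(platform.release(), dumpable))
```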
