SCIENTIFIC-LINUX-ERRATA Archives

April 2014

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

From: Pat Riehecky
Date: Thu, 24 Apr 2014 21:47:24 +0000

Synopsis:          Moderate: kernel security, bug fix, and enhancement update
Advisory ID:       SLSA-2014:0433-1
Issue Date:        2014-04-24
CVE Numbers:       CVE-2013-2888
                   CVE-2012-6638
--

* A flaw was found in the way the Linux kernel's TCP/IP protocol suite
implementation handled TCP packets with both the SYN and FIN flags set. A
remote attacker could use this flaw to consume an excessive amount of
resources on the target system, potentially resulting in a denial of
service. (CVE-2012-6638, Moderate)

* A flaw was found in the way the Linux kernel handled HID (Human
Interface Device) reports with an out-of-bounds Report ID. An attacker
with physical access to the system could use this flaw to crash the system
or, potentially, escalate their privileges on the system. (CVE-2013-2888,
Moderate)

This update also fixes the following bugs:

* A previous change to the sunrpc code introduced a race condition between
the rpc_wake_up_task() and rpc_wake_up_status() functions. A race between
threads operating on these functions could result in a deadlock situation,
subsequently triggering a "soft lockup" event and rendering the system
unresponsive. This problem has been fixed by re-ordering tasks in the RPC
wait queue.

* Running a process in the background on a GFS2 file system could
sometimes trigger a glock recursion error that resulted in a kernel panic.
This happened when a readpage operation attempted to take a glock that had
already been held by another function. To prevent this error, GFS2 now
verifies whether the glock is already held when performing the readpage
operation.

* A previous patch backport to the IUCV (Inter User Communication Vehicle)
code was incomplete. Consequently, when establishing an IUCV connection,
the kernel could, under certain circumstances, dereference a NULL pointer,
resulting in a kernel panic. A patch has been applied to correct this
problem by calling the proper function when removing IUCV paths.

In addition, this update adds the following enhancement:

* The lpfc driver had a fixed timeout of 60 seconds for SCSI task
management commands. With this update, the lpfc driver enables the user to
set this timeout within the range from 5 to 180 seconds. The timeout can
be changed by modifying the "lpfc_task_mgmt_tmo" parameter for the lpfc
driver.

The system must be rebooted for this update to take effect.
--

SL5
  x86_64
    kernel-2.6.18-371.8.1.el5.x86_64.rpm
    kernel-debug-2.6.18-371.8.1.el5.x86_64.rpm
    kernel-debug-debuginfo-2.6.18-371.8.1.el5.x86_64.rpm
    kernel-debug-devel-2.6.18-371.8.1.el5.x86_64.rpm
    kernel-debuginfo-2.6.18-371.8.1.el5.x86_64.rpm
    kernel-debuginfo-common-2.6.18-371.8.1.el5.x86_64.rpm
    kernel-devel-2.6.18-371.8.1.el5.x86_64.rpm
    kernel-headers-2.6.18-371.8.1.el5.x86_64.rpm
    kernel-xen-2.6.18-371.8.1.el5.x86_64.rpm
    kernel-xen-debuginfo-2.6.18-371.8.1.el5.x86_64.rpm
    kernel-xen-devel-2.6.18-371.8.1.el5.x86_64.rpm
  i386
    kernel-2.6.18-371.8.1.el5.i686.rpm
    kernel-PAE-2.6.18-371.8.1.el5.i686.rpm
    kernel-PAE-debuginfo-2.6.18-371.8.1.el5.i686.rpm
    kernel-PAE-devel-2.6.18-371.8.1.el5.i686.rpm
    kernel-debug-2.6.18-371.8.1.el5.i686.rpm
    kernel-debug-debuginfo-2.6.18-371.8.1.el5.i686.rpm
    kernel-debug-devel-2.6.18-371.8.1.el5.i686.rpm
    kernel-debuginfo-2.6.18-371.8.1.el5.i686.rpm
    kernel-debuginfo-common-2.6.18-371.8.1.el5.i686.rpm
    kernel-devel-2.6.18-371.8.1.el5.i686.rpm
    kernel-headers-2.6.18-371.8.1.el5.i386.rpm
    kernel-xen-2.6.18-371.8.1.el5.i686.rpm
    kernel-xen-debuginfo-2.6.18-371.8.1.el5.i686.rpm
    kernel-xen-devel-2.6.18-371.8.1.el5.i686.rpm
  noarch
    kernel-doc-2.6.18-371.8.1.el5.noarch.rpm

- Scientific Linux Development Team
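
A check an administrator might run after applying this update, added here as an example and not part of the original advisory: it compares a kernel release string, as printed by `uname -r`, against the fixed release 2.6.18-371.8.1.el5 from the package list above. The function names and the assumption that SL5 release strings have the form `2.6.18-<release>.el5[xen|PAE|debug]` are this example's own.

```shell
#!/bin/sh
# Added example: is the running SL5 kernel at or above the release shipped
# in SLSA-2014:0433-1? Function names are hypothetical, not from the advisory.
FIXED_RELEASE="371.8.1"   # release field of kernel-2.6.18-371.8.1.el5

# rel_ge A B: succeed when dotted-numeric release A >= B.
# Missing trailing fields count as 0, so "371" < "371.8.1".
rel_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        x=${x:-0}; y=${y:-0}
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
    done
    return 0
}

# kernel_status UNAME_R: print "fixed", "outdated" or "not-el5".
kernel_status() {
    case $1 in
        2.6.18-*.el5*) ;;                 # assumed SL5 release-string shape
        *) echo "not-el5"; return 0 ;;
    esac
    rel=${1#2.6.18-}      # e.g. 371.8.1.el5xen
    rel=${rel%%.el5*}     # e.g. 371.8.1 (drops .el5 and any xen/PAE/debug suffix)
    case $rel in
        ''|*[!0-9.]*) echo "not-el5"; return 0 ;;
    esac
    if rel_ge "$rel" "$FIXED_RELEASE"; then
        echo "fixed"
    else
        echo "outdated"
    fi
}

# Report on the kernel that is actually running on this host.
echo "running kernel $(uname -r): $(kernel_status "$(uname -r)")"
```

Because `uname -r` reports the running kernel, a host that has installed the new packages but has not yet rebooted still shows as outdated, which matches the advisory's reboot requirement.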
