SCIENTIFIC-LINUX-ERRATA Archives

December 2014

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

From: Pat Riehecky <[log in to unmask]>
Date: Wed, 10 Dec 2014 18:08:00 +0000

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       SLSA-2014:1971-1
Issue Date:        2014-12-09
CVE Numbers:       CVE-2013-2929
                   CVE-2014-4027
                   CVE-2014-4652
                   CVE-2014-4654
                   CVE-2014-4655
                   CVE-2014-4656
                   CVE-2014-3181
                   CVE-2014-3182
                   CVE-2014-3184
                   CVE-2014-3185
                   CVE-2014-6410
                   CVE-2014-5045
                   CVE-2014-1739
                   CVE-2014-3631
                   CVE-2014-3186
                   CVE-2014-3673
                   CVE-2014-3687
                   CVE-2014-3688
--

* A flaw was found in the way the Linux kernel's SCTP implementation
handled the association's output queue. A remote attacker could send
specially crafted packets that would cause the system to use an excessive
amount of memory, leading to a denial of service. (CVE-2014-3688,
Important)

* Two flaws were found in the way the Apple Magic Mouse/Trackpad multi-
touch driver and the Minibox PicoLCD driver handled invalid HID reports.
An attacker with physical access to the system could use these flaws to
crash the system or, potentially, escalate their privileges on the system.
(CVE-2014-3181, CVE-2014-3186, Moderate)

* A memory corruption flaw was found in the way the USB ConnectTech
WhiteHEAT serial driver processed completion commands sent via USB Request
Blocks buffers. An attacker with physical access to the system could use
this flaw to crash the system or, potentially, escalate their privileges
on the system. (CVE-2014-3185, Moderate)

* A flaw was found in the way the Linux kernel's keys subsystem handled
the termination condition in the associative array garbage collection
functionality. A local, unprivileged user could use this flaw to crash the
system. (CVE-2014-3631, Moderate)

* Multiple flaws were found in the way the Linux kernel's ALSA
implementation handled user controls. A local, privileged user could use
either of these flaws to crash the system. (CVE-2014-4654, CVE-2014-4655,
CVE-2014-4656, Moderate)

* A flaw was found in the way the Linux kernel's VFS subsystem handled
reference counting when performing unmount operations on symbolic links. A
local, unprivileged user could use this flaw to exhaust all available
memory on the system or, potentially, trigger a use-after-free error,
resulting in a system crash or privilege escalation. (CVE-2014-5045,
Moderate)

* A flaw was found in the way the get_dumpable() function return value was
interpreted in the ptrace subsystem of the Linux kernel. When
'fs.suid_dumpable' was set to 2, a local, unprivileged user could
use this flaw to bypass intended ptrace restrictions and obtain
potentially sensitive information. (CVE-2013-2929, Low)

* A stack overflow flaw caused by infinite recursion was found in the way
the Linux kernel's UDF file system implementation processed indirect ICBs.
An attacker with physical access to the system could use a specially
crafted UDF image to crash the system. (CVE-2014-6410, Low)

* An information leak flaw in the way the Linux kernel handled media
device enumerate entities IOCTL requests could allow a local user able to
access the /dev/media0 device file to leak kernel memory bytes.
(CVE-2014-1739, Low)

* An out-of-bounds read flaw in the Logitech Unifying receiver driver
could allow an attacker with physical access to the system to crash the
system or, potentially, escalate their privileges on the system.
(CVE-2014-3182, Low)

* Multiple out-of-bounds write flaws were found in the way the Cherry
Cymotion keyboard driver, KYE/Genius device drivers, Logitech device
drivers, Monterey Genius KB29E keyboard driver, Petalynx Maxter remote
control driver, and Sunplus wireless desktop driver handled invalid HID
reports. An attacker with physical access to the system could use either
of these flaws to write data past an allocated memory buffer.
(CVE-2014-3184, Low)

* An information leak flaw in the RAM Disks Memory Copy (rd_mcp)
back end driver of the iSCSI Target subsystem could allow a privileged
user to leak the contents of kernel memory to an iSCSI initiator remote
client. (CVE-2014-4027, Low)

* An information leak flaw in the Linux kernel's ALSA implementation could
allow a local, privileged user to leak kernel memory to user space.
(CVE-2014-4652, Low)
--

SL7
  x86_64
    kernel-3.10.0-123.13.1.el7.x86_64.rpm
    kernel-debug-3.10.0-123.13.1.el7.x86_64.rpm
    kernel-debug-debuginfo-3.10.0-123.13.1.el7.x86_64.rpm
    kernel-debug-devel-3.10.0-123.13.1.el7.x86_64.rpm
    kernel-debuginfo-3.10.0-123.13.1.el7.x86_64.rpm
    kernel-debuginfo-common-x86_64-3.10.0-123.13.1.el7.x86_64.rpm
    kernel-devel-3.10.0-123.13.1.el7.x86_64.rpm
    kernel-headers-3.10.0-123.13.1.el7.x86_64.rpm
    kernel-tools-3.10.0-123.13.1.el7.x86_64.rpm
    kernel-tools-debuginfo-3.10.0-123.13.1.el7.x86_64.rpm
    kernel-tools-libs-3.10.0-123.13.1.el7.x86_64.rpm
    perf-3.10.0-123.13.1.el7.x86_64.rpm
    perf-debuginfo-3.10.0-123.13.1.el7.x86_64.rpm
    python-perf-debuginfo-3.10.0-123.13.1.el7.x86_64.rpm
    kernel-tools-libs-devel-3.10.0-123.13.1.el7.x86_64.rpm
    python-perf-3.10.0-123.13.1.el7.x86_64.rpm
  noarch
    kernel-abi-whitelists-3.10.0-123.13.1.el7.noarch.rpm
    kernel-doc-3.10.0-123.13.1.el7.noarch.rpm

- Scientific Linux Development Team
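
Added example (not part of the original advisory or of Scientific Linux tooling): a check of whether a host's kernel is older than the fixed SL7 build listed above, using a simplified RPM-style version comparison, plus a flag for the fs.suid_dumpable=2 condition named for CVE-2013-2929. Host names and the inventory rows are constructed sample data; the function names are hypothetical.

```python
import re

# Fixed kernel build, taken from the SL7 package list in this advisory.
FIXED = "3.10.0-123.13.1.el7"
ARCH_SUFFIX = re.compile(r"\.(x86_64|noarch)$")

def _segments(s):
    # RPM compares maximal runs of digits or of letters; separators are skipped.
    return re.findall(r"[0-9]+|[A-Za-z]+", s)

def rpm_cmp(a, b):
    """Simplified rpmvercmp (no '~' or '^' handling): returns -1, 0 or 1."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)          # numeric compare, leading zeros ignored
        elif x.isdigit() != y.isdigit():
            # A numeric segment is always newer than an alphabetic one,
            # so "123.13.1.el7" is newer than "123.el7".
            return 1 if x.isdigit() else -1
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def kernel_cmp(release, fixed=FIXED):
    """Compare a `uname -r` style string against the fixed build."""
    rel = ARCH_SUFFIX.sub("", release)
    v1, _, r1 = rel.partition("-")
    v2, _, r2 = fixed.partition("-")
    return rpm_cmp(v1, v2) or rpm_cmp(r1, r2)

def assess(host, release, suid_dumpable):
    """Return (host, needs_update, suid_dumpable_condition_applies)."""
    needs_update = kernel_cmp(release) < 0
    # The advisory ties CVE-2013-2929 to fs.suid_dumpable being set to 2.
    return host, needs_update, needs_update and suid_dumpable == 2

# Constructed inventory: (host, `uname -r` output, value of fs.suid_dumpable).
INVENTORY = [
    ("node-a", "3.10.0-123.el7.x86_64", 0),
    ("node-b", "3.10.0-123.9.3.el7.x86_64", 2),
    ("node-c", "3.10.0-123.13.1.el7.x86_64", 2),
    ("node-d", "3.10.0-229.el7.x86_64", 0),
]

if __name__ == "__main__":
    for row in INVENTORY:
        print(assess(*row))
```

`uname -r` reports the running kernel, so a host that has installed the update but not yet rebooted still compares as older than the fixed build.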
