LISTSERV - SCIENTIFIC-LINUX-ERRATA Archives

SCIENTIFIC-LINUX-ERRATA Archives

April 2015

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

	LISTSERV Archives
	SCIENTIFIC-LINUX-ERRATA Home
	SCIENTIFIC-LINUX-ERRATA April 2015

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Security ERRATA Important: kernel on SL6.x i386/x86_64
From:	Pat Riehecky <[log in to unmask]>
Reply To:	[log in to unmask]
Date:	Tue, 21 Apr 2015 19:24:18 +0000
Content-Type:	text/plain
Parts/Attachments:	text/plain (106 lines)

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       SLSA-2015:0864-1
Issue Date:        2015-04-21
CVE Numbers:       CVE-2014-7825
                   CVE-2014-7826
                   CVE-2014-3690
                   CVE-2014-8884
                   CVE-2015-1421
                   CVE-2014-3215
                   CVE-2014-9529
                   CVE-2014-9584
                   CVE-2014-8171
--

* A flaw was found in the way seunshare, a utility for running executables
under a different security context, used the capng_lock functionality of
the libcap-ng library. The subsequent invocation of suid root binaries
that relied on the fact that the setuid() system call, among others, also
sets the saved set-user-ID when dropping the binaries' process privileges,
could allow a local, unprivileged user to potentially escalate their
privileges on the system. Note: the fix for this issue is the kernel part
of the overall fix, and introduces the PR_SET_NO_NEW_PRIVS functionality
and the related SELinux exec transitions support. (CVE-2014-3215,
Important)

* A use-after-free flaw was found in the way the Linux kernel's SCTP
implementation handled authentication key reference counting during INIT
collisions. A remote attacker could use this flaw to crash the system or,
potentially, escalate their privileges on the system. (CVE-2015-1421,
Important)

* It was found that the Linux kernel's KVM implementation did not ensure
that the host CR4 control register value remained unchanged across VM
entries on the same virtual CPU. A local, unprivileged user could use this
flaw to cause a denial of service on the system. (CVE-2014-3690, Moderate)

* An out-of-bounds memory access flaw was found in the syscall tracing
functionality of the Linux kernel's perf subsystem. A local, unprivileged
user could use this flaw to crash the system. (CVE-2014-7825, Moderate)

* An out-of-bounds memory access flaw was found in the syscall tracing
functionality of the Linux kernel's ftrace subsystem. On a system with
ftrace syscall tracing enabled, a local, unprivileged user could use this
flaw to crash the system, or escalate their privileges. (CVE-2014-7826,
Moderate)

* It was found that the Linux kernel memory resource controller's (memcg)
handling of OOM (out of memory) conditions could lead to deadlocks. An
attacker able to continuously spawn new processes within a single memory-
constrained cgroup during an OOM event could use this flaw to lock up the
system. (CVE-2014-8171, Moderate)

* A race condition flaw was found in the way the Linux kernel keys
management subsystem performed key garbage collection. A local attacker
could attempt accessing a key while it was being garbage collected, which
would cause the system to crash. (CVE-2014-9529, Moderate)

* A stack-based buffer overflow flaw was found in the
TechnoTrend/Hauppauge DEC USB device driver. A local user with write
access to the corresponding device could use this flaw to crash the kernel
or, potentially, elevate their privileges on the system. (CVE-2014-8884,
Low)

* An information leak flaw was found in the way the Linux kernel's ISO9660
file system implementation accessed data on an ISO9660 image with
RockRidge Extension Reference (ER) records. An attacker with physical
access to the system could use this flaw to disclose up to 255 bytes of
kernel memory. (CVE-2014-9584, Low)

The system must be rebooted for this update to take effect.
--

SL6
  x86_64
    kernel-2.6.32-504.16.2.el6.x86_64.rpm
    kernel-debug-2.6.32-504.16.2.el6.x86_64.rpm
    kernel-debug-debuginfo-2.6.32-504.16.2.el6.x86_64.rpm
    kernel-debug-devel-2.6.32-504.16.2.el6.x86_64.rpm
    kernel-debuginfo-2.6.32-504.16.2.el6.x86_64.rpm
    kernel-debuginfo-common-x86_64-2.6.32-504.16.2.el6.x86_64.rpm
    kernel-devel-2.6.32-504.16.2.el6.x86_64.rpm
    kernel-headers-2.6.32-504.16.2.el6.x86_64.rpm
    perf-2.6.32-504.16.2.el6.x86_64.rpm
    perf-debuginfo-2.6.32-504.16.2.el6.x86_64.rpm
    python-perf-debuginfo-2.6.32-504.16.2.el6.x86_64.rpm
    python-perf-2.6.32-504.16.2.el6.x86_64.rpm
  i386
    kernel-2.6.32-504.16.2.el6.i686.rpm
    kernel-debug-2.6.32-504.16.2.el6.i686.rpm
    kernel-debug-debuginfo-2.6.32-504.16.2.el6.i686.rpm
    kernel-debug-devel-2.6.32-504.16.2.el6.i686.rpm
    kernel-debuginfo-2.6.32-504.16.2.el6.i686.rpm
    kernel-debuginfo-common-i686-2.6.32-504.16.2.el6.i686.rpm
    kernel-devel-2.6.32-504.16.2.el6.i686.rpm
    kernel-headers-2.6.32-504.16.2.el6.i686.rpm
    perf-2.6.32-504.16.2.el6.i686.rpm
    perf-debuginfo-2.6.32-504.16.2.el6.i686.rpm
    python-perf-debuginfo-2.6.32-504.16.2.el6.i686.rpm
    python-perf-2.6.32-504.16.2.el6.i686.rpm
  noarch
    kernel-abi-whitelists-2.6.32-504.16.2.el6.noarch.rpm
    kernel-doc-2.6.32-504.16.2.el6.noarch.rpm
    kernel-firmware-2.6.32-504.16.2.el6.noarch.rpm

- Scientific Linux Development Team

ATOM RSS1 RSS2

LISTSERV.FNAL.GOV