Synopsis: Moderate: kernel security and bug fix update
Advisory ID: SLSA-2015:1534-1
Issue Date: 2015-08-05
CVE Numbers: CVE-2015-2922
* An integer overflow flaw was found in the way the Linux kernel's
netfilter connection tracking implementation loaded extensions. An
attacker on a local network could potentially send a sequence of specially
crafted packets that would initiate the loading of a large number of
extensions, causing the targeted system in that network to crash.
* A stack-based buffer overflow flaw was found in the Linux kernel's early
load microcode functionality. On a system with UEFI Secure Boot enabled, a
local, privileged user could use this flaw to increase their privileges to
the kernel (ring0) level, bypassing intended restrictions in place.
* It was found that the Linux kernel's ping socket implementation did not
properly handle socket unhashing during spurious disconnects, which could
lead to a use-after-free flaw. On x86-64 architecture systems, a local
user able to create ping sockets could use this flaw to crash the system.
On non-x86-64 architecture systems, a local user able to create ping
sockets could use this flaw to escalate their privileges on the system.
* It was found that the Linux kernel's TCP/IP protocol suite
implementation for IPv6 allowed the Hop Limit value to be set to a smaller
value than the default one. An attacker on a local network could use this
flaw to prevent systems on that network from sending or receiving network
packets. (CVE-2015-2922, Low)
This update also fixes several bugs.
The system must be rebooted for this update to take effect.
- Scientific Linux Development Team