 
| Subject: | |
| From: | |
| Reply To: | |
| Date: | Tue, 15 Sep 2015 19:26:15 +0000 |
| Content-Type: | text/plain |
| Parts/Attachments: |
|
|
Synopsis: Important: kernel security and bug fix update
Advisory ID: SLSA-2015:1778-1
Issue Date: 2015-09-15
CVE Numbers: CVE-2014-9585
CVE-2015-5366
CVE-2015-5364
CVE-2015-0275
CVE-2015-3212
CVE-2015-4700
CVE-2015-1333
--
* A flaw was found in the kernel's implementation of the Berkeley Packet
Filter (BPF). A local attacker could craft BPF code to crash the system by
creating a situation in which the JIT compiler would fail to correctly
optimize the JIT image on the last pass. This would lead to the CPU
executing instructions that were not part of the JIT code. (CVE-2015-4700,
Important)
* Two flaws were found in the way the Linux kernel's networking
implementation handled UDP packets with incorrect checksum values. A
remote attacker could potentially use these flaws to trigger an infinite
loop in the kernel, resulting in a denial of service on the system, or
cause a denial of service in applications using the edge triggered epoll
functionality. (CVE-2015-5364, CVE-2015-5366, Important)
* A flaw was found in the way the Linux kernel's ext4 file system handled
the "page size > block size" condition when the fallocate zero range
functionality was used. A local attacker could use this flaw to crash the
system. (CVE-2015-0275, Moderate)
* It was found that the Linux kernel's keyring implementation would leak
memory when adding a key to a keyring via the add_key() function. A local
attacker could use this flaw to exhaust all available memory on the
system. (CVE-2015-1333, Moderate)
* A race condition flaw was found in the way the Linux kernel's SCTP
implementation handled Address Configuration lists when performing Address
Configuration Change (ASCONF). A local attacker could use this flaw to
crash the system via a race condition triggered by setting certain ASCONF
options on a socket. (CVE-2015-3212, Moderate)
* An information leak flaw was found in the way the Linux kernel's Virtual
Dynamic Shared Object (vDSO) implementation performed address
randomization. A local, unprivileged user could use this flaw to leak
kernel memory addresses to user-space. (CVE-2014-9585, Low)
This update also fixes several bugs.
The system must be rebooted for this update to take effect.
--
SL7
x86_64
kernel-3.10.0-229.14.1.el7.x86_64.rpm
kernel-debug-3.10.0-229.14.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-229.14.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-229.14.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-229.14.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-229.14.1.el7.x86_64.rpm
kernel-devel-3.10.0-229.14.1.el7.x86_64.rpm
kernel-headers-3.10.0-229.14.1.el7.x86_64.rpm
kernel-tools-3.10.0-229.14.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-229.14.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-229.14.1.el7.x86_64.rpm
perf-3.10.0-229.14.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-229.14.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-229.14.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-229.14.1.el7.x86_64.rpm
python-perf-3.10.0-229.14.1.el7.x86_64.rpm
noarch
kernel-abi-whitelists-3.10.0-229.14.1.el7.noarch.rpm
kernel-doc-3.10.0-229.14.1.el7.noarch.rpm
- Scientific Linux Development Team
|
|
|
