Synopsis: Important: kernel security, bug fix, and enhancement update Advisory ID: SLSA-2014:0981-1 Issue Date: 2014-07-29 CVE Numbers: CVE-2014-2672 CVE-2014-2678 CVE-2014-2706 CVE-2014-2851 CVE-2013-7339 CVE-2014-3144 CVE-2014-3145 CVE-2012-6647 -- * A use-after-free flaw was found in the way the ping_init_sock() function of the Linux kernel handled the group_info reference counter. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-2851, Important) * A NULL pointer dereference flaw was found in the way the futex_wait_requeue_pi() function of the Linux kernel's futex subsystem handled the requeuing of certain Priority Inheritance (PI) futexes. A local, unprivileged user could use this flaw to crash the system. (CVE-2012-6647, Moderate) * A NULL pointer dereference flaw was found in the rds_ib_laddr_check() function in the Linux kernel's implementation of Reliable Datagram Sockets (RDS). A local, unprivileged user could use this flaw to crash the system. (CVE-2013-7339, Moderate) * It was found that a remote attacker could use a race condition flaw in the ath_tx_aggr_sleep() function to crash the system by creating large network traffic on the system's Atheros 9k wireless network adapter. (CVE-2014-2672, Moderate) * A NULL pointer dereference flaw was found in the rds_iw_laddr_check() function in the Linux kernel's implementation of Reliable Datagram Sockets (RDS). A local, unprivileged user could use this flaw to crash the system. (CVE-2014-2678, Moderate) * A race condition flaw was found in the way the Linux kernel's mac80211 subsystem implementation handled synchronization between TX and STA wake- up code paths. A remote attacker could use this flaw to crash the system. (CVE-2014-2706, Moderate) * An out-of-bounds memory access flaw was found in the Netlink Attribute extension of the Berkeley Packet Filter (BPF) interpreter functionality in the Linux kernel's networking implementation. A local, unprivileged user could use this flaw to crash the system or leak kernel memory to user space via a specially crafted socket filter. (CVE-2014-3144, CVE-2014-3145, Moderate) The system must be rebooted for this update to take effect. -- SL6 x86_64 kernel-2.6.32-431.23.3.el6.x86_64.rpm kernel-debug-2.6.32-431.23.3.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-431.23.3.el6.x86_64.rpm kernel-debug-devel-2.6.32-431.23.3.el6.x86_64.rpm kernel-debuginfo-2.6.32-431.23.3.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-431.23.3.el6.x86_64.rpm kernel-devel-2.6.32-431.23.3.el6.x86_64.rpm kernel-headers-2.6.32-431.23.3.el6.x86_64.rpm perf-2.6.32-431.23.3.el6.x86_64.rpm perf-debuginfo-2.6.32-431.23.3.el6.x86_64.rpm python-perf-debuginfo-2.6.32-431.23.3.el6.x86_64.rpm python-perf-2.6.32-431.23.3.el6.x86_64.rpm i386 kernel-2.6.32-431.23.3.el6.i686.rpm kernel-debug-2.6.32-431.23.3.el6.i686.rpm kernel-debug-debuginfo-2.6.32-431.23.3.el6.i686.rpm kernel-debug-devel-2.6.32-431.23.3.el6.i686.rpm kernel-debuginfo-2.6.32-431.23.3.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-431.23.3.el6.i686.rpm kernel-devel-2.6.32-431.23.3.el6.i686.rpm kernel-headers-2.6.32-431.23.3.el6.i686.rpm perf-2.6.32-431.23.3.el6.i686.rpm perf-debuginfo-2.6.32-431.23.3.el6.i686.rpm python-perf-debuginfo-2.6.32-431.23.3.el6.i686.rpm python-perf-2.6.32-431.23.3.el6.i686.rpm noarch kernel-abi-whitelists-2.6.32-431.23.3.el6.noarch.rpm kernel-doc-2.6.32-431.23.3.el6.noarch.rpm kernel-firmware-2.6.32-431.23.3.el6.noarch.rpm - Scientific Linux Development Team