Synopsis: Moderate: kernel security, bug fix, and enhancement update Advisory ID: SLSA-2015:1221-1 Issue Date: 2015-07-14 CVE Numbers: CVE-2015-1593 CVE-2015-2830 CVE-2011-5321 CVE-2015-2922 CVE-2015-3636 -- * A NULL pointer dereference flaw was found in the way the Linux kernel's virtual console implementation handled reference counting when accessing pseudo-terminal device files (/dev/pts/*). A local, unprivileged attacker could use this flaw to crash the system. (CVE-2011-5321, Moderate) * It was found that the Linux kernel's ping socket implementation did not properly handle socket unhashing during spurious disconnects, which could lead to a use-after-free flaw. On x86-64 architecture systems, a local user able to create ping sockets could use this flaw to crash the system. On non-x86-64 architecture systems, a local user able to create ping sockets could use this flaw to escalate their privileges on the system. (CVE-2015-3636, Moderate) * An integer overflow flaw was found in the way the Linux kernel randomized the stack for processes on certain 64-bit architecture systems, such as x86-64, causing the stack entropy to be reduced by four. (CVE-2015-1593, Low) * A flaw was found in the way the Linux kernel's 32-bit emulation implementation handled forking or closing of a task with an 'int80' entry. A local user could potentially use this flaw to escalate their privileges on the system. (CVE-2015-2830, Low) * It was found that the Linux kernel's TCP/IP protocol suite implementation for IPv6 allowed the Hop Limit value to be set to a smaller value than the default one. An attacker on a local network could use this flaw to prevent systems on that network from sending or receiving network packets. (CVE-2015-2922, Low) For information on the most significant of these changes, users are directed to the following article on the Red Hat Customer Portal: The system must be rebooted for this update to take effect. -- SL6 x86_64 kernel-2.6.32-504.30.3.el6.x86_64.rpm kernel-debug-2.6.32-504.30.3.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-504.30.3.el6.x86_64.rpm kernel-debug-devel-2.6.32-504.30.3.el6.x86_64.rpm kernel-debuginfo-2.6.32-504.30.3.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-504.30.3.el6.x86_64.rpm kernel-devel-2.6.32-504.30.3.el6.x86_64.rpm kernel-headers-2.6.32-504.30.3.el6.x86_64.rpm perf-2.6.32-504.30.3.el6.x86_64.rpm perf-debuginfo-2.6.32-504.30.3.el6.x86_64.rpm python-perf-debuginfo-2.6.32-504.30.3.el6.x86_64.rpm python-perf-2.6.32-504.30.3.el6.x86_64.rpm i386 kernel-2.6.32-504.30.3.el6.i686.rpm kernel-debug-2.6.32-504.30.3.el6.i686.rpm kernel-debug-debuginfo-2.6.32-504.30.3.el6.i686.rpm kernel-debug-devel-2.6.32-504.30.3.el6.i686.rpm kernel-debuginfo-2.6.32-504.30.3.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-504.30.3.el6.i686.rpm kernel-devel-2.6.32-504.30.3.el6.i686.rpm kernel-headers-2.6.32-504.30.3.el6.i686.rpm perf-2.6.32-504.30.3.el6.i686.rpm perf-debuginfo-2.6.32-504.30.3.el6.i686.rpm python-perf-debuginfo-2.6.32-504.30.3.el6.i686.rpm python-perf-2.6.32-504.30.3.el6.i686.rpm noarch kernel-abi-whitelists-2.6.32-504.30.3.el6.noarch.rpm kernel-doc-2.6.32-504.30.3.el6.noarch.rpm kernel-firmware-2.6.32-504.30.3.el6.noarch.rpm Included for dependencies: noarch dracut-004-356.el6_6.3.noarch.rpm dracut-caps-004-356.el6_6.3.noarch.rpm dracut-fips-004-356.el6_6.3.noarch.rpm dracut-fips-aesni-004-356.el6_6.3.noarch.rpm dracut-generic-004-356.el6_6.3.noarch.rpm dracut-kernel-004-356.el6_6.3.noarch.rpm dracut-network-004-356.el6_6.3.noarch.rpm dracut-tools-004-356.el6_6.3.noarch.rpm - Scientific Linux Development Team