
Synopsis:          Moderate: kernel security and bug fix update
Advisory ID:       SLSA-2015:1534-1
Issue Date:        2015-08-05
CVE Numbers:       CVE-2015-2922
                   CVE-2015-3636
                   CVE-2015-2666
                   CVE-2014-9715
--

* An integer overflow flaw was found in the way the Linux kernel's
netfilter connection tracking implementation loaded extensions. An
attacker on a local network could potentially send a sequence of specially
crafted packets that would initiate the loading of a large number of
extensions, causing the targeted system in that network to crash.
(CVE-2014-9715, Moderate)

* A stack-based buffer overflow flaw was found in the Linux kernel's early
load microcode functionality. On a system with UEFI Secure Boot enabled, a
local, privileged user could use this flaw to increase their privileges to
the kernel (ring0) level, bypassing intended restrictions in place.
(CVE-2015-2666, Moderate)

* It was found that the Linux kernel's ping socket implementation did not
properly handle socket unhashing during spurious disconnects, which could
lead to a use-after-free flaw. On x86-64 architecture systems, a local
user able to create ping sockets could use this flaw to crash the system.
On non-x86-64 architecture systems, a local user able to create ping
sockets could use this flaw to escalate their privileges on the system.
(CVE-2015-3636, Moderate)

* It was found that the Linux kernel's TCP/IP protocol suite
implementation for IPv6 allowed the Hop Limit value to be set to a smaller
value than the default one. An attacker on a local network could use this
flaw to prevent systems on that network from sending or receiving network
packets. (CVE-2015-2922, Low)

This update also fixes several bugs.

The system must be rebooted for this update to take effect.
--

SL7
  x86_64
    kernel-3.10.0-229.11.1.el7.x86_64.rpm
    kernel-debug-3.10.0-229.11.1.el7.x86_64.rpm
    kernel-debug-debuginfo-3.10.0-229.11.1.el7.x86_64.rpm
    kernel-debug-devel-3.10.0-229.11.1.el7.x86_64.rpm
    kernel-debuginfo-3.10.0-229.11.1.el7.x86_64.rpm
    kernel-debuginfo-common-x86_64-3.10.0-229.11.1.el7.x86_64.rpm
    kernel-devel-3.10.0-229.11.1.el7.x86_64.rpm
    kernel-headers-3.10.0-229.11.1.el7.x86_64.rpm
    kernel-tools-3.10.0-229.11.1.el7.x86_64.rpm
    kernel-tools-debuginfo-3.10.0-229.11.1.el7.x86_64.rpm
    kernel-tools-libs-3.10.0-229.11.1.el7.x86_64.rpm
    perf-3.10.0-229.11.1.el7.x86_64.rpm
    perf-debuginfo-3.10.0-229.11.1.el7.x86_64.rpm
    python-perf-debuginfo-3.10.0-229.11.1.el7.x86_64.rpm
    kernel-tools-libs-devel-3.10.0-229.11.1.el7.x86_64.rpm
    python-perf-3.10.0-229.11.1.el7.x86_64.rpm
  noarch
    kernel-abi-whitelists-3.10.0-229.11.1.el7.noarch.rpm
    kernel-doc-3.10.0-229.11.1.el7.noarch.rpm

- Scientific Linux Development Team
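
Because the fix only takes effect after a reboot, a host can have the updated package installed and still be running a vulnerable kernel. The following check is an added example, not part of the original advisory or any Scientific Linux tooling: it compares a running kernel (as reported by `uname -r`) and the installed kernel packages against the fixed build listed above. The function names and the sample hosts are assumptions made for illustration; the comparison follows rpm's segment rules but ignores epochs and the `~`/`^` operators, and it does not handle the `.debug` suffix of debug kernels.

```python
import re

# Fixed kernel build, taken from the package list in this advisory.
FIXED = "3.10.0-229.11.1.el7"
_ARCH = re.compile(r"\.(x86_64|noarch)$")


def rpmvercmp(a, b):
    """Compare two version (or release) strings segment by segment, as rpm does.

    Returns -1, 0 or 1. Separators are ignored; a numeric segment always
    sorts newer than an alphabetic one (so 229.11.1.el7 > 229.el7).
    """
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def kernel_cmp(a, b):
    """Compare two kernel version-release strings; a trailing arch is dropped."""
    va, _, ra = _ARCH.sub("", a).partition("-")
    vb, _, rb = _ARCH.sub("", b).partition("-")
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


def triage(running, installed):
    """running: `uname -r` output; installed: kernel version-release strings
    (e.g. from `rpm -q kernel --qf '%{VERSION}-%{RELEASE}\\n'`)."""
    if kernel_cmp(running, FIXED) >= 0:
        return "patched"
    if any(kernel_cmp(k, FIXED) >= 0 for k in installed):
        return "reboot-required"
    return "update-required"


if __name__ == "__main__":
    # Constructed sample hosts, not data from the advisory.
    hosts = {
        "a": ("3.10.0-229.11.1.el7.x86_64", ["3.10.0-229.11.1.el7"]),
        "b": ("3.10.0-229.7.2.el7.x86_64",
              ["3.10.0-229.7.2.el7", "3.10.0-229.11.1.el7"]),
        "c": ("3.10.0-229.el7.x86_64", ["3.10.0-229.el7"]),
    }
    for name, (running, installed) in hosts.items():
        print(name, triage(running, installed))
```

The comparison is only meaningful between builds of the same distribution release (here el7), since fixes are backported without changing the upstream version number.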