Date:         Mon, 3 Nov 2014 17:55:11 +0000
Reply-To:     scientific-linux-users@listserv.fnal.gov
Sender:       Security Errata for Scientific Linux
              
From:         Pat Riehecky 
Subject:      Security ERRATA Important: kernel on SL6.x i386/x86_64
MIME-Version: 1.0

Synopsis:          Important: kernel security, bug fix, and enhancement update
Advisory ID:       SLSA-2014:1392-1
Issue Date:        2014-10-14
CVE Numbers:       CVE-2013-4483
                   CVE-2014-3122
                   CVE-2014-0181
                   CVE-2014-4653
                   CVE-2014-4654
                   CVE-2014-4655
                   CVE-2014-5077
                   CVE-2013-2596
                   CVE-2014-4608
                   CVE-2014-5045
                   CVE-2014-3601
--

* A NULL pointer dereference flaw was found in the way the Linux kernel's
Stream Control Transmission Protocol (SCTP) implementation handled
simultaneous connections between the same hosts. A remote attacker could
use this flaw to crash the system. (CVE-2014-5077, Important)

* An integer overflow flaw was found in the way the Linux kernel's Frame
Buffer device implementation mapped kernel memory to user space via the
mmap syscall. A local user able to access a frame buffer device file
(/dev/fb*) could possibly use this flaw to escalate their privileges on
the system. (CVE-2013-2596, Important)

* A flaw was found in the way the ipc_rcu_putref() function in the Linux
kernel's IPC implementation handled reference counter decrementing. A
local, unprivileged user could use this flaw to trigger an Out of Memory
(OOM) condition and, potentially, crash the system. (CVE-2013-4483,
Moderate)

* It was found that the permission checks performed by the Linux kernel
when a netlink message was received were not sufficient. A local,
unprivileged user could potentially bypass these restrictions by passing a
netlink socket as stdout or stderr to a more privileged process and
altering the output of this process. (CVE-2014-0181, Moderate)

* It was found that the try_to_unmap_cluster() function in the Linux
kernel's Memory Managment subsystem did not properly handle page locking
in certain cases, which could potentially trigger the BUG_ON() macro in
the mlock_vma_page() function. A local, unprivileged user could use this
flaw to crash the system. (CVE-2014-3122, Moderate)

* A flaw was found in the way the Linux kernel's kvm_iommu_map_pages()
function handled IOMMU mapping failures. A privileged user in a guest with
an assigned host device could use this flaw to crash the host.
(CVE-2014-3601, Moderate)

* Multiple use-after-free flaws were found in the way the Linux kernel's
Advanced Linux Sound Architecture (ALSA) implementation handled user
controls. A local, privileged user could use either of these flaws to
crash the system. (CVE-2014-4653, CVE-2014-4654, CVE-2014-4655, Moderate)

* A flaw was found in the way the Linux kernel's VFS subsystem handled
reference counting when performing unmount operations on symbolic links. A
local, unprivileged user could use this flaw to exhaust all available
memory on the system or, potentially, trigger a use-after-free error,
resulting in a system crash or privilege escalation. (CVE-2014-5045,
Moderate)

* An integer overflow flaw was found in the way the
lzo1x_decompress_safe() function of the Linux kernel's LZO implementation
processed Literal Runs. A local attacker could, in extremely rare cases,
use this flaw to crash the system or, potentially, escalate their
privileges on the system. (CVE-2014-4608, Low)

The system must be rebooted for this update to take effect.
--

SL6
  x86_64
    kernel-2.6.32-504.el6.x86_64.rpm
    kernel-debug-2.6.32-504.el6.x86_64.rpm
    kernel-debug-debuginfo-2.6.32-504.el6.x86_64.rpm
    kernel-debug-devel-2.6.32-504.el6.x86_64.rpm
    kernel-debuginfo-2.6.32-504.el6.x86_64.rpm
    kernel-debuginfo-common-x86_64-2.6.32-504.el6.x86_64.rpm
    kernel-devel-2.6.32-504.el6.x86_64.rpm
    kernel-headers-2.6.32-504.el6.x86_64.rpm
    perf-2.6.32-504.el6.x86_64.rpm
    perf-debuginfo-2.6.32-504.el6.x86_64.rpm
    python-perf-debuginfo-2.6.32-504.el6.x86_64.rpm
    python-perf-2.6.32-504.el6.x86_64.rpm
  i386
    kernel-2.6.32-504.el6.i686.rpm
    kernel-debug-2.6.32-504.el6.i686.rpm
    kernel-debug-debuginfo-2.6.32-504.el6.i686.rpm
    kernel-debug-devel-2.6.32-504.el6.i686.rpm
    kernel-debuginfo-2.6.32-504.el6.i686.rpm
    kernel-debuginfo-common-i686-2.6.32-504.el6.i686.rpm
    kernel-devel-2.6.32-504.el6.i686.rpm
    kernel-headers-2.6.32-504.el6.i686.rpm
    perf-2.6.32-504.el6.i686.rpm
    perf-debuginfo-2.6.32-504.el6.i686.rpm
    python-perf-debuginfo-2.6.32-504.el6.i686.rpm
    python-perf-2.6.32-504.el6.i686.rpm
  noarch
    kernel-abi-whitelists-2.6.32-504.el6.noarch.rpm
    kernel-doc-2.6.32-504.el6.noarch.rpm
    kernel-firmware-2.6.32-504.el6.noarch.rpm

- Scientific Linux Development Team