Date:         Thu, 19 Jun 2014 21:04:15 +0000
Reply-To:     scientific-linux-users@listserv.fnal.gov
Sender:       Security Errata for Scientific Linux
              
From:         Pat Riehecky 
Subject:      Security ERRATA Important: kernel on SL6.x i386/x86_64
MIME-Version: 1.0

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       SLSA-2014:0771-1
Issue Date:        2014-06-19
CVE Numbers:       CVE-2013-6378
                   CVE-2014-1874
                   CVE-2014-1737
                   CVE-2014-1738
                   CVE-2014-2039
                   CVE-2014-0203
                   CVE-2014-3153
--

* A flaw was found in the way the Linux kernel's futex subsystem handled
the requeuing of certain Priority Inheritance (PI) futexes. A local,
unprivileged user could use this flaw to escalate their privileges on the
system. (CVE-2014-3153, Important)

* A flaw was found in the way the Linux kernel's floppy driver handled
user space provided data in certain error code paths while processing
FDRAWCMD IOCTL commands. A local user with write access to /dev/fdX could
use this flaw to free (using the kfree() function) arbitrary kernel
memory. (CVE-2014-1737, Important)

* It was found that the Linux kernel's floppy driver leaked internal
kernel memory addresses to user space during the processing of the
FDRAWCMD IOCTL command. A local user with write access to /dev/fdX could
use this flaw to obtain information about the kernel heap arrangement.
(CVE-2014-1738, Low)

Note: A local user with write access to /dev/fdX could use these two flaws
(CVE-2014-1737 in combination with CVE-2014-1738) to escalate their
privileges on the system.

* It was discovered that the proc_ns_follow_link() function did not
properly return the LAST_BIND value in the last pathname component as is
expected for procfs symbolic links, which could lead to excessive freeing
of memory and consequent slab corruption. A local, unprivileged user could
use this flaw to crash the system. (CVE-2014-0203, Moderate)

* A flaw was found in the way the Linux kernel handled exceptions when
user-space applications attempted to use the linkage stack. On IBM S/390
systems, a local, unprivileged user could use this flaw to crash the
system. (CVE-2014-2039, Moderate)

* An invalid pointer dereference flaw was found in the Marvell 8xxx
Libertas WLAN (libertas) driver in the Linux kernel. A local user able to
write to a file that is provided by the libertas driver and located on the
debug file system (debugfs) could use this flaw to crash the system. Note:
The debugfs file system must be mounted locally to exploit this issue. It
is not mounted by default. (CVE-2013-6378, Low)

* A denial of service flaw was discovered in the way the Linux kernel's
SELinux implementation handled files with an empty SELinux security
context. A local user who has the CAP_MAC_ADMIN capability could use this
flaw to crash the system. (CVE-2014-1874, Low)

The system must be rebooted for this update to take effect.
--

SL6
  x86_64
    kernel-2.6.32-431.20.3.el6.x86_64.rpm
    kernel-debug-2.6.32-431.20.3.el6.x86_64.rpm
    kernel-debug-debuginfo-2.6.32-431.20.3.el6.x86_64.rpm
    kernel-debug-devel-2.6.32-431.20.3.el6.x86_64.rpm
    kernel-debuginfo-2.6.32-431.20.3.el6.x86_64.rpm
    kernel-debuginfo-common-x86_64-2.6.32-431.20.3.el6.x86_64.rpm
    kernel-devel-2.6.32-431.20.3.el6.x86_64.rpm
    kernel-headers-2.6.32-431.20.3.el6.x86_64.rpm
    perf-2.6.32-431.20.3.el6.x86_64.rpm
    perf-debuginfo-2.6.32-431.20.3.el6.x86_64.rpm
    python-perf-debuginfo-2.6.32-431.20.3.el6.x86_64.rpm
    python-perf-2.6.32-431.20.3.el6.x86_64.rpm
  i386
    kernel-2.6.32-431.20.3.el6.i686.rpm
    kernel-debug-2.6.32-431.20.3.el6.i686.rpm
    kernel-debug-debuginfo-2.6.32-431.20.3.el6.i686.rpm
    kernel-debug-devel-2.6.32-431.20.3.el6.i686.rpm
    kernel-debuginfo-2.6.32-431.20.3.el6.i686.rpm
    kernel-debuginfo-common-i686-2.6.32-431.20.3.el6.i686.rpm
    kernel-devel-2.6.32-431.20.3.el6.i686.rpm
    kernel-headers-2.6.32-431.20.3.el6.i686.rpm
    perf-2.6.32-431.20.3.el6.i686.rpm
    perf-debuginfo-2.6.32-431.20.3.el6.i686.rpm
    python-perf-debuginfo-2.6.32-431.20.3.el6.i686.rpm
    python-perf-2.6.32-431.20.3.el6.i686.rpm
  noarch
    kernel-abi-whitelists-2.6.32-431.20.3.el6.noarch.rpm
    kernel-doc-2.6.32-431.20.3.el6.noarch.rpm
    kernel-firmware-2.6.32-431.20.3.el6.noarch.rpm

- Scientific Linux Development Team

SciLinux: CVE-2013-6378 Important: kernel SL6.x i386/x86_64

Important: kernel security and bug fix update

Summary

Important: kernel security and bug fix update



Security Fixes

Severity
Advisory ID: SLSA-2014:0771-1
Issued Date: : 2014-06-19
CVE Numbers: CVE-2013-6378
CVE-2014-1874
CVE-2014-1737