Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 454
Alerts This Week
Warning Icon 1 454

Kernel Security Update SLSA-2015:0164-1 for Scientific Linux SL5.x

Scientific Large Esm H446
Moderate: kernel security and bug fix update
Date: Wed, 11 Feb 2015 15:46:19 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Moderate: kernel on SL5.x i386/x86_64
MIME-Version: 1.0

Synopsis: Moderate: kernel security and bug fix update
Advisory ID: SLSA-2015:0164-1
Issue Date: 2015-02-10
CVE Numbers: CVE-2014-7822
--

* A flaw was found in the way the Linux kernel's splice() system call
validated its parameters. On certain file systems, a local, unprivileged
user could use this flaw to write past the maximum file size, and thus
crash the system. (CVE-2014-7822, Moderate)

This update also fixes the following bugs:

* Previously, hot-unplugging of a virtio-blk device could in some cases
lead to a kernel panic, for example during in-flight I/O requests. This
update fixes race condition in the hot-unplug code in the virtio_blk.ko
module. As a result, hot unplugging of the virtio-blk device no longer
causes the guest kernel oops when there are in-flight I/O requests.

* Before this update, due to a bug in the error-handling path, a corrupted
metadata block could be used as a valid block. With this update, the error
handling path has been fixed and more checks have been added to verify the
metadata block. Now, when a corrupted metadata block is encountered, it is
properly marked as corrupted and handled accordingly.

* Previously, an incorrectly initialized variable resulted in a random
value being stored in the variable that holds the number of default ACLs,
and is sent in the SET_PATH_INFO data structure. Consequently, the setfacl
command could, under certain circumstances, fail with an "Invalid
argument" error. With this update, the variable is correctly initialized
to zero, thus fixing the bug.

The system must be rebooted for this update to take effect.
--

SL5
 x86_64
 kernel-2.6.18-402.el5.x86_64.rpm
 kernel-debug-2.6.18-402.el5.x86_64.rpm
 kernel-debug-debuginfo-2.6.18-402.el5.x86_64.rpm
 kernel-debug-devel-2.6.18-402.el5.x86_64.rpm
 kernel-debuginfo-2.6.18-402.el5.x86_64.rpm
 kernel-debuginfo-common-2.6.18-402.el5.x86_64.rpm
 kernel-devel-2.6.18-402.el5.x86_64.rpm
 kernel-headers-2.6.18-402.el5.x86_64.rpm
 kernel-xen-2.6.18-402.el5.x86_64.rpm
 kernel-xen-debuginfo-2.6.18-402.el5.x86_64.rpm
 kernel-xen-devel-2.6.18-402.el5.x86_64.rpm
 i386
 kernel-2.6.18-402.el5.i686.rpm
 kernel-PAE-2.6.18-402.el5.i686.rpm
 kernel-PAE-debuginfo-2.6.18-402.el5.i686.rpm
 kernel-PAE-devel-2.6.18-402.el5.i686.rpm
 kernel-debug-2.6.18-402.el5.i686.rpm
 kernel-debug-debuginfo-2.6.18-402.el5.i686.rpm
 kernel-debug-devel-2.6.18-402.el5.i686.rpm
 kernel-debuginfo-2.6.18-402.el5.i686.rpm
 kernel-debuginfo-common-2.6.18-402.el5.i686.rpm
 kernel-devel-2.6.18-402.el5.i686.rpm
 kernel-headers-2.6.18-402.el5.i386.rpm
 kernel-xen-2.6.18-402.el5.i686.rpm
 kernel-xen-debuginfo-2.6.18-402.el5.i686.rpm
 kernel-xen-devel-2.6.18-402.el5.i686.rpm
 noarch
 kernel-doc-2.6.18-402.el5.noarch.rpm

- Scientific Linux Development Team