Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 573
Alerts This Week
Warning Icon 1 573

Scientific Linux 6.x SLSA-2015:0864-1 Important Kernel Update CVE-2014-7825

Scientific Large Esm H446
Important: kernel security and bug fix update
Date: Tue, 21 Apr 2015 19:24:18 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Important: kernel on SL6.x i386/x86_64
MIME-Version: 1.0

Synopsis: Important: kernel security and bug fix update
Advisory ID: SLSA-2015:0864-1
Issue Date: 2015-04-21
CVE Numbers: CVE-2014-7825
 CVE-2014-7826
 CVE-2014-3690
 CVE-2014-8884
 CVE-2015-1421
 CVE-2014-3215
 CVE-2014-9529
 CVE-2014-9584
 CVE-2014-8171
--

* A flaw was found in the way seunshare, a utility for running executables
under a different security context, used the capng_lock functionality of
the libcap-ng library. The subsequent invocation of suid root binaries
that relied on the fact that the setuid() system call, among others, also
sets the saved set-user-ID when dropping the binaries' process privileges,
could allow a local, unprivileged user to potentially escalate their
privileges on the system. Note: the fix for this issue is the kernel part
of the overall fix, and introduces the PR_SET_NO_NEW_PRIVS functionality
and the related SELinux exec transitions support. (CVE-2014-3215,
Important)

* A use-after-free flaw was found in the way the Linux kernel's SCTP
implementation handled authentication key reference counting during INIT
collisions. A remote attacker could use this flaw to crash the system or,
potentially, escalate their privileges on the system. (CVE-2015-1421,
Important)

* It was found that the Linux kernel's KVM implementation did not ensure
that the host CR4 control register value remained unchanged across VM
entries on the same virtual CPU. A local, unprivileged user could use this
flaw to cause a denial of service on the system. (CVE-2014-3690, Moderate)

* An out-of-bounds memory access flaw was found in the syscall tracing
functionality of the Linux kernel's perf subsystem. A local, unprivileged
user could use this flaw to crash the system. (CVE-2014-7825, Moderate)

* An out-of-bounds memory access flaw was found in the syscall tracing
functionality of the Linux kernel's ftrace subsystem. On a system with
ftrace syscall tracing enabled, a local, unprivileged user could use this
flaw to crash the system, or escalate their privileges. (CVE-2014-7826,
Moderate)

* It was found that the Linux kernel memory resource controller's (memcg)
handling of OOM (out of memory) conditions could lead to deadlocks. An
attacker able to continuously spawn new processes within a single memory-
constrained cgroup during an OOM event could use this flaw to lock up the
system. (CVE-2014-8171, Moderate)

* A race condition flaw was found in the way the Linux kernel keys
management subsystem performed key garbage collection. A local attacker
could attempt accessing a key while it was being garbage collected, which
would cause the system to crash. (CVE-2014-9529, Moderate)

* A stack-based buffer overflow flaw was found in the
TechnoTrend/Hauppauge DEC USB device driver. A local user with write
access to the corresponding device could use this flaw to crash the kernel
or, potentially, elevate their privileges on the system. (CVE-2014-8884,
Low)

* An information leak flaw was found in the way the Linux kernel's ISO9660
file system implementation accessed data on an ISO9660 image with
RockRidge Extension Reference (ER) records. An attacker with physical
access to the system could use this flaw to disclose up to 255 bytes of
kernel memory. (CVE-2014-9584, Low)

The system must be rebooted for this update to take effect.
--

SL6
 x86_64
 kernel-2.6.32-504.16.2.el6.x86_64.rpm
 kernel-debug-2.6.32-504.16.2.el6.x86_64.rpm
 kernel-debug-debuginfo-2.6.32-504.16.2.el6.x86_64.rpm
 kernel-debug-devel-2.6.32-504.16.2.el6.x86_64.rpm
 kernel-debuginfo-2.6.32-504.16.2.el6.x86_64.rpm
 kernel-debuginfo-common-x86_64-2.6.32-504.16.2.el6.x86_64.rpm
 kernel-devel-2.6.32-504.16.2.el6.x86_64.rpm
 kernel-headers-2.6.32-504.16.2.el6.x86_64.rpm
 perf-2.6.32-504.16.2.el6.x86_64.rpm
 perf-debuginfo-2.6.32-504.16.2.el6.x86_64.rpm
 python-perf-debuginfo-2.6.32-504.16.2.el6.x86_64.rpm
 python-perf-2.6.32-504.16.2.el6.x86_64.rpm
 i386
 kernel-2.6.32-504.16.2.el6.i686.rpm
 kernel-debug-2.6.32-504.16.2.el6.i686.rpm
 kernel-debug-debuginfo-2.6.32-504.16.2.el6.i686.rpm
 kernel-debug-devel-2.6.32-504.16.2.el6.i686.rpm
 kernel-debuginfo-2.6.32-504.16.2.el6.i686.rpm
 kernel-debuginfo-common-i686-2.6.32-504.16.2.el6.i686.rpm
 kernel-devel-2.6.32-504.16.2.el6.i686.rpm
 kernel-headers-2.6.32-504.16.2.el6.i686.rpm
 perf-2.6.32-504.16.2.el6.i686.rpm
 perf-debuginfo-2.6.32-504.16.2.el6.i686.rpm
 python-perf-debuginfo-2.6.32-504.16.2.el6.i686.rpm
 python-perf-2.6.32-504.16.2.el6.i686.rpm
 noarch
 kernel-abi-whitelists-2.6.32-504.16.2.el6.noarch.rpm
 kernel-doc-2.6.32-504.16.2.el6.noarch.rpm
 kernel-firmware-2.6.32-504.16.2.el6.noarch.rpm

- Scientific Linux Development Team