Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Scientific Linux: 2015:1534-1 Moderate: Kernel Addressing Local Threats

Calendar Aug 06, 2015 User Avatar LinuxSecurity Advisories
2 - 3 min read
Scientific Large Esm H500
Topics%20covered

Topics Covered

security advisory security issue kernel update integer overflow local network Scientific Linux stack-based overflow
Moderate: kernel security and bug fix update 
Date: Thu, 6 Aug 2015 13:28:24 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Moderate: kernel on SL7.x x86_64
MIME-Version: 1.0
Message-ID: <20150806132824.23698.79961@slpackages.fnal.gov>

Synopsis: Moderate: kernel security and bug fix update
Advisory ID: SLSA-2015:1534-1
Issue Date: 2015-08-05
CVE Numbers: CVE-2015-2922
 CVE-2015-3636
 CVE-2015-2666
 CVE-2014-9715
--

* An integer overflow flaw was found in the way the Linux kernel's
netfilter connection tracking implementation loaded extensions. An
attacker on a local network could potentially send a sequence of specially
crafted packets that would initiate the loading of a large number of
extensions, causing the targeted system in that network to crash.
(CVE-2014-9715, Moderate)

* A stack-based buffer overflow flaw was found in the Linux kernel's early
load microcode functionality. On a system with UEFI Secure Boot enabled, a
local, privileged user could use this flaw to increase their privileges to
the kernel (ring0) level, bypassing intended restrictions in place.
(CVE-2015-2666, Moderate)

* It was found that the Linux kernel's ping socket implementation did not
properly handle socket unhashing during spurious disconnects, which could
lead to a use-after-free flaw. On x86-64 architecture systems, a local
user able to create ping sockets could use this flaw to crash the system.
On non-x86-64 architecture systems, a local user able to create ping
sockets could use this flaw to escalate their privileges on the system.
(CVE-2015-3636, Moderate)

* It was found that the Linux kernel's TCP/IP protocol suite
implementation for IPv6 allowed the Hop Limit value to be set to a smaller
value than the default one. An attacker on a local network could use this
flaw to prevent systems on that network from sending or receiving network
packets. (CVE-2015-2922, Low)

This update also fixes several bugs.

The system must be rebooted for this update to take effect.
--

SL7
 x86_64
 kernel-3.10.0-229.11.1.el7.x86_64.rpm
 kernel-debug-3.10.0-229.11.1.el7.x86_64.rpm
 kernel-debug-debuginfo-3.10.0-229.11.1.el7.x86_64.rpm
 kernel-debug-devel-3.10.0-229.11.1.el7.x86_64.rpm
 kernel-debuginfo-3.10.0-229.11.1.el7.x86_64.rpm
 kernel-debuginfo-common-x86_64-3.10.0-229.11.1.el7.x86_64.rpm
 kernel-devel-3.10.0-229.11.1.el7.x86_64.rpm
 kernel-headers-3.10.0-229.11.1.el7.x86_64.rpm
 kernel-tools-3.10.0-229.11.1.el7.x86_64.rpm
 kernel-tools-debuginfo-3.10.0-229.11.1.el7.x86_64.rpm
 kernel-tools-libs-3.10.0-229.11.1.el7.x86_64.rpm
 perf-3.10.0-229.11.1.el7.x86_64.rpm
 perf-debuginfo-3.10.0-229.11.1.el7.x86_64.rpm
 python-perf-debuginfo-3.10.0-229.11.1.el7.x86_64.rpm
 kernel-tools-libs-devel-3.10.0-229.11.1.el7.x86_64.rpm
 python-perf-3.10.0-229.11.1.el7.x86_64.rpm
 noarch
 kernel-abi-whitelists-3.10.0-229.11.1.el7.noarch.rpm
 kernel-doc-3.10.0-229.11.1.el7.noarch.rpm

- Scientific Linux Development Team
Your message here