SciLinux: CVE-2015-2922 Moderate: kernel SL7.x x86_64
Summary
Moderate: kernel security and bug fix update
Date: Thu, 6 Aug 2015 13:28:24 +0000
Reply-To: scientific-linux-users@listserv.fnal.gov
Sender: Security Errata for Scientific Linux
From: Pat Riehecky
Subject: Security ERRATA Moderate: kernel on SL7.x x86_64
MIME-Version: 1.0
Message-ID: <20150806132824.23698.79961@slpackages.fnal.gov>

Synopsis: Moderate: kernel security and bug fix update
Advisory ID: SLSA-2015:1534-1
Issue Date: 2015-08-05
CVE Numbers: CVE-2015-2922 CVE-2015-3636 CVE-2015-2666 CVE-2014-9715
--

* An integer overflow flaw was found in the way the Linux kernel's netfilter connection tracking implementation loaded extensions. An attacker on a local network could potentially send a sequence of specially crafted packets that would initiate the loading of a large number of extensions, causing the targeted system in that network to crash. (CVE-2014-9715, Moderate)

* A stack-based buffer overflow flaw was found in the Linux kernel's early load microcode functionality. On a system with UEFI Secure Boot enabled, a local, privileged user could use this flaw to increase their privileges to the kernel (ring0) level, bypassing intended restrictions in place. (CVE-2015-2666, Moderate)

* It was found that the Linux kernel's ping socket implementation did not properly handle socket unhashing during spurious disconnects, which could lead to a use-after-free flaw. On x86-64 architecture systems, a local user able to create ping sockets could use this flaw to crash the system. On non-x86-64 architecture systems, a local user able to create ping sockets could use this flaw to escalate their privileges on the system. (CVE-2015-3636, Moderate)

* It was found that the Linux kernel's TCP/IP protocol suite implementation for IPv6 allowed the Hop Limit value to be set to a smaller value than the default one. An attacker on a local network could use this flaw to prevent systems on that network from sending or receiving network packets. (CVE-2015-2922, Low)

This update also fixes several bugs.

The system must be rebooted for this update to take effect.
--

SL7
  x86_64
    kernel-3.10.0-229.11.1.el7.x86_64.rpm
    kernel-debug-3.10.0-229.11.1.el7.x86_64.rpm
    kernel-debug-debuginfo-3.10.0-229.11.1.el7.x86_64.rpm
    kernel-debug-devel-3.10.0-229.11.1.el7.x86_64.rpm
    kernel-debuginfo-3.10.0-229.11.1.el7.x86_64.rpm
    kernel-debuginfo-common-x86_64-3.10.0-229.11.1.el7.x86_64.rpm
    kernel-devel-3.10.0-229.11.1.el7.x86_64.rpm
    kernel-headers-3.10.0-229.11.1.el7.x86_64.rpm
    kernel-tools-3.10.0-229.11.1.el7.x86_64.rpm
    kernel-tools-debuginfo-3.10.0-229.11.1.el7.x86_64.rpm
    kernel-tools-libs-3.10.0-229.11.1.el7.x86_64.rpm
    perf-3.10.0-229.11.1.el7.x86_64.rpm
    perf-debuginfo-3.10.0-229.11.1.el7.x86_64.rpm
    python-perf-debuginfo-3.10.0-229.11.1.el7.x86_64.rpm
    kernel-tools-libs-devel-3.10.0-229.11.1.el7.x86_64.rpm
    python-perf-3.10.0-229.11.1.el7.x86_64.rpm
  noarch
    kernel-abi-whitelists-3.10.0-229.11.1.el7.noarch.rpm
    kernel-doc-3.10.0-229.11.1.el7.noarch.rpm

- Scientific Linux Development Team
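
The advisory notes that the fix only takes effect after a reboot, so a host can have the updated package installed while still running a vulnerable kernel. The following check is an added example, not part of the advisory or of Scientific Linux tooling: it compares the running and installed kernels against the fixed version from the package list above. The function names are this example's own, and `rpmvercmp` is a small re-implementation of rpm's segment ordering that assumes version strings contain only digit and letter segments.

```python
import platform
import re
import subprocess

# Fixed kernel version and release, taken from the advisory's package list.
FIXED = ("3.10.0", "229.11.1.el7")

def rpmvercmp(a, b):
    """Order two version (or release) strings as rpm does: -1, 0 or 1.
    Covers digit and letter segments only, which is all el7 kernels use."""
    ta, tb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(ta, tb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a number outranks letters
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    # Shared segments are equal: the string with segments left over is newer.
    return (len(ta) > len(tb)) - (len(ta) < len(tb))

def split_vr(kernel):
    """'3.10.0-229.11.1.el7.x86_64' -> ('3.10.0', '229.11.1.el7')."""
    kernel = re.sub(r"\.(x86_64|noarch)$", "", kernel)
    version, _, release = kernel.partition("-")
    return version, release

def at_least_fixed(kernel):
    version, release = split_vr(kernel)
    return (rpmvercmp(version, FIXED[0]) or rpmvercmp(release, FIXED[1])) >= 0

def kernel_status(running, installed):
    """running: `uname -r` output; installed: version-release of each kernel rpm."""
    if at_least_fixed(running):
        return "patched"
    if any(at_least_fixed(k) for k in installed):
        return "reboot-required"  # update installed, old kernel still running
    return "update-required"

if __name__ == "__main__":
    try:
        out = subprocess.check_output(
            ["rpm", "-q", "kernel", "--qf", "%{VERSION}-%{RELEASE}\\n"])
        installed = out.decode().split()
    except (OSError, subprocess.CalledProcessError):
        installed = []  # rpm missing or no kernel package: treat as none installed
    print(kernel_status(platform.release(), installed))
```

A plain string or `sort -V` comparison ranks the release `229.el7` above `229.11.1.el7`, which is why the check follows rpm's rule that a numeric segment is newer than an alphabetic one.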