SciLinux: SLSA-2019-2863-1 Important: kernel on SL6.x i386/x86_64

    Date23 Sep 2019
    326
    Posted ByLinuxSecurity Advisories
    A buffer overflow flaw was found in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host. (CVE-2019-14835) SL6 x86_64 kernel-2.6.32-754.23 [More...]
    Synopsis: Important: kernel security update
    Advisory ID:       SLSA-2019:2863-1
    Issue Date:        2019-09-23
    CVE Numbers:       CVE-2019-14835
    --
    
    Security Fix(es):
    
    * A buffer overflow flaw was found in the way Linux kernel's vhost
    functionality that translates virtqueue buffers to IOVs, logged the buffer
    descriptors during migration. A privileged guest user able to pass
    descriptors with invalid length to the host when migration is underway,
    could use this flaw to increase their privileges on the host.
    (CVE-2019-14835)
    --
    
    SL6
      x86_64
        kernel-2.6.32-754.23.1.el6.x86_64.rpm
        kernel-debug-2.6.32-754.23.1.el6.x86_64.rpm
        kernel-debug-debuginfo-2.6.32-754.23.1.el6.i686.rpm
        kernel-debug-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm
        kernel-debug-devel-2.6.32-754.23.1.el6.i686.rpm
        kernel-debug-devel-2.6.32-754.23.1.el6.x86_64.rpm
        kernel-debuginfo-2.6.32-754.23.1.el6.i686.rpm
        kernel-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm
        kernel-debuginfo-common-i686-2.6.32-754.23.1.el6.i686.rpm
        kernel-debuginfo-common-x86_64-2.6.32-754.23.1.el6.x86_64.rpm
        kernel-devel-2.6.32-754.23.1.el6.x86_64.rpm
        kernel-headers-2.6.32-754.23.1.el6.x86_64.rpm
        perf-2.6.32-754.23.1.el6.x86_64.rpm
        perf-debuginfo-2.6.32-754.23.1.el6.i686.rpm
        perf-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm
        python-perf-debuginfo-2.6.32-754.23.1.el6.i686.rpm
        python-perf-debuginfo-2.6.32-754.23.1.el6.x86_64.rpm
        python-perf-2.6.32-754.23.1.el6.x86_64.rpm
      i386
        kernel-2.6.32-754.23.1.el6.i686.rpm
        kernel-debug-2.6.32-754.23.1.el6.i686.rpm
        kernel-debug-debuginfo-2.6.32-754.23.1.el6.i686.rpm
        kernel-debug-devel-2.6.32-754.23.1.el6.i686.rpm
        kernel-debuginfo-2.6.32-754.23.1.el6.i686.rpm
        kernel-debuginfo-common-i686-2.6.32-754.23.1.el6.i686.rpm
        kernel-devel-2.6.32-754.23.1.el6.i686.rpm
        kernel-headers-2.6.32-754.23.1.el6.i686.rpm
        perf-2.6.32-754.23.1.el6.i686.rpm
        perf-debuginfo-2.6.32-754.23.1.el6.i686.rpm
        python-perf-debuginfo-2.6.32-754.23.1.el6.i686.rpm
        python-perf-2.6.32-754.23.1.el6.i686.rpm
      noarch
        kernel-abi-whitelists-2.6.32-754.23.1.el6.noarch.rpm
        kernel-doc-2.6.32-754.23.1.el6.noarch.rpm
        kernel-firmware-2.6.32-754.23.1.el6.noarch.rpm
    
    - Scientific Linux Development Team
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"22","type":"x","order":"1","pct":55,"resources":[]},{"id":"88","title":"Should be more technical","votes":"5","type":"x","order":"2","pct":12.5,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"13","type":"x","order":"3","pct":32.5,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.