[LU-4620] Kernel update [RHEL6.5 2.6.32-431.5.1.el6] - Whamcloud Community JIRA

Details

Type: Improvement
Resolution: Fixed
Priority: Blocker
Fix Version/s: Lustre 2.6.0, Lustre 2.5.1
Affects Version/s: None
Labels:
- MB

Rank (Obsolete):
12645

Description

This update fixes the following security issues:

A buffer overflow flaw was found in the way the qeth_snmp_command()
function in the Linux kernel's QETH network device driver implementation
handled SNMP IOCTL requests with an out-of-bounds length. A local,
unprivileged user could use this flaw to crash the system or, potentially,
escalate their privileges on the system. (CVE-2013-6381, Important)

A flaw was found in the way the get_dumpable() function return value was
interpreted in the ptrace subsystem of the Linux kernel. When
'fs.suid_dumpable' was set to 2, a local, unprivileged local user could
use this flaw to bypass intended ptrace restrictions and obtain
potentially sensitive information. (CVE-2013-2929, Low)

It was found that certain protocol handlers in the Linux kernel's
networking implementation could set the addr_len value without initializing
the associated data structure. A local, unprivileged user could use this
flaw to leak kernel stack memory to user space using the recvmsg, recvfrom,
and recvmmsg system calls (CVE-2013-7263, CVE-2013-7265, Low).

This update also fixes several bugs.

Bugs fixed (https://bugzilla.redhat.com/):

1028148 - CVE-2013-2929 kernel: exec/ptrace: get_dumpable() incorrect tests
1033600 - CVE-2013-6381 Kernel: qeth: buffer overflow in snmp ioctl
1035875 - CVE-2013-7263 CVE-2013-7265 Kernel: net: leakage of uninitialized memory to user-space via recv syscalls

Attachments

Issue Links

is related to

LU-4628 Kernel update [RHEL6.5 2.6.32-431.5.1.el6]

Resolved

Activity

[LU-4620] Kernel update [RHEL6.5 2.6.32-431.5.1.el6]

Peter Jones made changes - 21/Feb/14 1:39 PM

Fix Version/s

New: Lustre 2.5.1 [ 10608 ]

Peter Jones made changes - 20/Feb/14 7:57 PM

Labels

Original: MB mq114

New: MB

Peter Jones made changes - 20/Feb/14 7:57 PM

Resolution		New: Fixed [ 1 ]
Status	Original: Open [ 1 ]	New: Resolved [ 5 ]

Peter Jones made changes - 14/Feb/14 7:14 PM

Labels

Original: MB

New: MB mq114

Bob Glossman (Inactive) made changes - 13/Feb/14 10:16 PM

Link

New: This issue is blocked by TEI-1510 [ TEI-1510 ]

Peter Jones made changes - 13/Feb/14 8:25 PM

Link

Original: This issue duplicates ~~LU-4623~~ [ ~~LU-4623~~ ]

Jodi Levi (Inactive) made changes - 13/Feb/14 6:07 PM

Link

New: This issue duplicates ~~LU-4623~~ [ ~~LU-4623~~ ]

Jodi Levi (Inactive) made changes - 13/Feb/14 6:06 PM

Labels		New: MB
Priority	Original: Minor [ 4 ]	New: Blocker [ 1 ]

Dmitry Eremin (Inactive) made changes - 13/Feb/14 3:59 PM

Link

New: This issue is related to ~~LU-4628~~ [ ~~LU-4628~~ ]

Bob Glossman (Inactive) made changes - 13/Feb/14 3:49 PM

Description

Original: This update fixes the following security issues:

* A buffer overflow flaw was found in the way the qeth_snmp_command()
function in the Linux kernel's QETH network device driver implementation
handled SNMP IOCTL requests with an out-of-bounds length. A local,
unprivileged user could use this flaw to crash the system or, potentially,
escalate their privileges on the system. (CVE-2013-6381, Important)

* A flaw was found in the way the get_dumpable() function return value was
interpreted in the ptrace subsystem of the Linux kernel. When
'fs.suid_dumpable' was set to 2, a local, unprivileged local user could
use this flaw to bypass intended ptrace restrictions and obtain
potentially sensitive information. (CVE-2013-2929, Low)

* It was found that certain protocol handlers in the Linux kernel's
networking implementation could set the addr_len value without initializing
the associated data structure. A local, unprivileged user could use this
flaw to leak kernel stack memory to user space using the recvmsg, recvfrom,
and recvmmsg system calls (CVE-2013-7263, CVE-2013-7265, Low).

This update also fixes several bugs.
Bugs fixed (https://bugzilla.redhat.com/):
1028148 - CVE-2013-2929 kernel: exec/ptrace: get_dumpable() incorrect tests
1033600 - CVE-2013-6381 Kernel: qeth: buffer overflow in snmp ioctl
1035875 - CVE-2013-7263 CVE-2013-7265 Kernel: net: leakage of uninitialized memory to user-space via recv syscalls

New: This update fixes the following security issues:

* A buffer overflow flaw was found in the way the qeth_snmp_command()
function in the Linux kernel's QETH network device driver implementation
handled SNMP IOCTL requests with an out-of-bounds length. A local,
unprivileged user could use this flaw to crash the system or, potentially,
escalate their privileges on the system. (CVE-2013-6381, Important)

* A flaw was found in the way the get_dumpable() function return value was
interpreted in the ptrace subsystem of the Linux kernel. When
'fs.suid_dumpable' was set to 2, a local, unprivileged local user could
use this flaw to bypass intended ptrace restrictions and obtain
potentially sensitive information. (CVE-2013-2929, Low)

* It was found that certain protocol handlers in the Linux kernel's
networking implementation could set the addr_len value without initializing
the associated data structure. A local, unprivileged user could use this
flaw to leak kernel stack memory to user space using the recvmsg, recvfrom,
and recvmmsg system calls (CVE-2013-7263, CVE-2013-7265, Low).

This update also fixes several bugs.

Bugs fixed (https://bugzilla.redhat.com/):

1028148 - CVE-2013-2929 kernel: exec/ptrace: get_dumpable() incorrect tests
1033600 - CVE-2013-6381 Kernel: qeth: buffer overflow in snmp ioctl
1035875 - CVE-2013-7263 CVE-2013-7265 Kernel: net: leakage of uninitialized memory to user-space via recv syscalls

People

Assignee:: Bob Glossman (Inactive)

Reporter:: Bob Glossman (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 12/Feb/14 9:54 PM

Updated:: 24/Mar/14 6:19 PM

Resolved:: 20/Feb/14 7:57 PM