Uploaded image for project: 'Lustre'
  1. Lustre
  2. LU-6162

Kernel update [RHEL6.6 2.6.32-504.8.1.el6]

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • Critical
    • Lustre 2.7.0
    • None
    • 3
    • 17251

    Description

      • A flaw was found in the way the Linux kernel's SCTP implementation
        validated INIT chunks when performing Address Configuration Change
        (ASCONF). A remote attacker could use this flaw to crash the system by
        sending a specially crafted SCTP packet to trigger a NULL pointer
        dereference on the system. (CVE-2014-7841, Important)
      • An integer overflow flaw was found in the way the Linux kernel's Advanced
        Linux Sound Architecture (ALSA) implementation handled user controls.
        A local, privileged user could use this flaw to crash the system.
        (CVE-2014-4656, Moderate)

      Bugs fixed (https://bugzilla.redhat.com/):

      1113470 - CVE-2014-4656 Kernel: ALSA: control: integer overflow in id.index & id.numid
      1163087 - CVE-2014-7841 kernel: net: sctp: NULL pointer dereference in af->from_addr_param on malformed packet

      Attachments

        Activity

          People

            bogl Bob Glossman (Inactive)
            bogl Bob Glossman (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: