[LU-6162] Kernel update [RHEL6.6 2.6.32-504.8.1.el6] - Whamcloud Community JIRA

Details

Type: Bug
Resolution: Fixed
Priority: Critical
Fix Version/s: Lustre 2.7.0
Affects Version/s: None
Labels:
- HB

Severity:
3
Rank (Obsolete):
17251

Description

A flaw was found in the way the Linux kernel's SCTP implementation
validated INIT chunks when performing Address Configuration Change
(ASCONF). A remote attacker could use this flaw to crash the system by
sending a specially crafted SCTP packet to trigger a NULL pointer
dereference on the system. (CVE-2014-7841, Important)

An integer overflow flaw was found in the way the Linux kernel's Advanced
Linux Sound Architecture (ALSA) implementation handled user controls.
A local, privileged user could use this flaw to crash the system.
(CVE-2014-4656, Moderate)

Bugs fixed (https://bugzilla.redhat.com/):

1113470 - CVE-2014-4656 Kernel: ALSA: control: integer overflow in id.index & id.numid
1163087 - CVE-2014-7841 kernel: net: sctp: NULL pointer dereference in af->from_addr_param on malformed packet

Attachments

Activity

[LU-6162] Kernel update [RHEL6.6 2.6.32-504.8.1.el6]

Peter Jones made changes - 05/Feb/15 6:49 PM

Resolution		New: Fixed [ 1 ]
Status	Original: Open [ 1 ]	New: Resolved [ 5 ]

Jodi Levi (Inactive) made changes - 29/Jan/15 3:28 PM

Labels

New: HB

Jodi Levi (Inactive) made changes - 29/Jan/15 3:28 PM

Fix Version/s

New: Lustre 2.7.0 [ 10631 ]

Jodi Levi (Inactive) made changes - 29/Jan/15 3:28 PM

Priority

Original: Minor [ 4 ]

New: Critical [ 2 ]

Bob Glossman (Inactive) made changes - 28/Jan/15 2:03 PM

Assignee

Original: WC Triage [ wc-triage ]

New: Bob Glossman [ bogl ]

Bob Glossman (Inactive) created issue - 27/Jan/15 9:44 PM

People

Assignee:: Bob Glossman (Inactive)

Reporter:: Bob Glossman (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 27/Jan/15 9:44 PM

Updated:: 05/Feb/15 6:49 PM

Resolved:: 05/Feb/15 6:49 PM