- A buffer overflow flaw was found in the way the qeth_snmp_command()
function in the Linux kernel's QETH network device driver implementation
handled SNMP IOCTL requests with an out-of-bounds length. A local,
unprivileged user could use this flaw to crash the system or, potentially,
escalate their privileges on the system. (CVE-2013-6381, Important)
- A flaw was found in the way the get_dumpable() function return value was
interpreted in the ptrace subsystem of the Linux kernel. When
'fs.suid_dumpable' was set to 2, a local, unprivileged local user could
use this flaw to bypass intended ptrace restrictions and obtain
potentially sensitive information. (CVE-2013-2929, Low)
- It was found that certain protocol handlers in the Linux kernel's
networking implementation could set the addr_len value without initializing
the associated data structure. A local, unprivileged user could use this
flaw to leak kernel stack memory to user space using the recvmsg, recvfrom,
and recvmmsg system calls (CVE-2013-7263, CVE-2013-7265, Low).
This update also fixes several bugs.
Bugs fixed (https://bugzilla.redhat.com/):
1028148 - CVE-2013-2929 kernel: exec/ptrace: get_dumpable() incorrect tests
1033600 - CVE-2013-6381 Kernel: qeth: buffer overflow in snmp ioctl
1035875 - CVE-2013-7263 CVE-2013-7265 Kernel: net: leakage of uninitialized memory to user-space via recv syscalls
|