[LU-6162] Kernel update [RHEL6.6 2.6.32-504.8.1.el6] Created: 27/Jan/15  Updated: 05/Feb/15  Resolved: 05/Feb/15

Status: Resolved
Project: Lustre
Component/s: None
Affects Version/s: None
Fix Version/s: Lustre 2.7.0

Type: Bug Priority: Critical
Reporter: Bob Glossman (Inactive) Assignee: Bob Glossman (Inactive)
Resolution: Fixed Votes: 0
Labels: HB

Severity: 3
Rank (Obsolete): 17251

 Description   
  • A flaw was found in the way the Linux kernel's SCTP implementation
    validated INIT chunks when performing Address Configuration Change
    (ASCONF). A remote attacker could use this flaw to crash the system by
    sending a specially crafted SCTP packet to trigger a NULL pointer
    dereference on the system. (CVE-2014-7841, Important)
  • An integer overflow flaw was found in the way the Linux kernel's Advanced
    Linux Sound Architecture (ALSA) implementation handled user controls.
    A local, privileged user could use this flaw to crash the system.
    (CVE-2014-4656, Moderate)

Bugs fixed (https://bugzilla.redhat.com/):

1113470 - CVE-2014-4656 Kernel: ALSA: control: integer overflow in id.index & id.numid
1163087 - CVE-2014-7841 kernel: net: sctp: NULL pointer dereference in af->from_addr_param on malformed packet

 Comments   
Comment by Gerrit Updater [ 29/Jan/15 ]

Bob Glossman (bob.glossman@intel.com) uploaded a new patch: http://review.whamcloud.com/13560
Subject: LU-6162 kernel: kernel update RHEL6.6 [2.6.32-504.8.1.el6]
Project: fs/lustre-release
Branch: master
Current Patch Set: 1
Commit: 8b9b97b05b543224286abc8ab8794650ea0f0048

Comment by Gerrit Updater [ 05/Feb/15 ]

Oleg Drokin (oleg.drokin@intel.com) merged in patch http://review.whamcloud.com/13560/
Subject: LU-6162 kernel: kernel update RHEL6.6 [2.6.32-504.8.1.el6]
Project: fs/lustre-release
Branch: master
Current Patch Set:
Commit: dd520a37ad28c94921d3bb1444449967d95d72e8

Comment by Peter Jones [ 05/Feb/15 ]

Landed for 2.7

Generated at Sat Feb 10 01:57:48 UTC 2024 using Jira 9.4.14#940014-sha1:734e6822bbf0d45eff9af51f82432957f73aa32c.