[LU-6847] Kernel update [RHEL6.6 2.6.32-504.30.3.el6] Created: 14/Jul/15  Updated: 01/Jul/16  Resolved: 23/Jul/15

Status: Resolved
Project: Lustre
Component/s: None
Affects Version/s: None
Fix Version/s: Lustre 2.8.0

Type: Bug Priority: Minor
Reporter: Bob Glossman (Inactive) Assignee: Bob Glossman (Inactive)
Resolution: Fixed Votes: 0
Labels: None

Issue Links:
Related
Severity: 3

 Description   
  • A NULL pointer dereference flaw was found in the way the Linux kernel's
    virtual console implementation handled reference counting when accessing
    pseudo-terminal device files (/dev/pts/*). A local, unprivileged attacker
    could use this flaw to crash the system. (CVE-2011-5321, Moderate)
  • It was found that the Linux kernel's ping socket implementation did not
    properly handle socket unhashing during spurious disconnects, which could
    lead to a use-after-free flaw. On x86-64 architecture systems, a local user
    able to create ping sockets could use this flaw to crash the system.
    On non-x86-64 architecture systems, a local user able to create ping
    sockets could use this flaw to escalate their privileges on the system.
    (CVE-2015-3636, Moderate)
  • An integer overflow flaw was found in the way the Linux kernel randomized
    the stack for processes on certain 64-bit architecture systems, such as
    x86-64, causing the stack entropy to be reduced by four. (CVE-2015-1593,
    Low)
  • A flaw was found in the way the Linux kernel's 32-bit emulation
    implementation handled forking or closing of a task with an 'int80' entry.
    A local user could potentially use this flaw to escalate their privileges
    on the system. (CVE-2015-2830, Low)
  • It was found that the Linux kernel's TCP/IP protocol suite implementation
    for IPv6 allowed the Hop Limit value to be set to a smaller value than the
    default one. An attacker on a local network could use this flaw to prevent
    systems on that network from sending or receiving network packets.
    (CVE-2015-2922, Low)

Bugs fixed (https://bugzilla.redhat.com/):

1192519 - CVE-2015-1593 kernel: Linux stack ASLR implementation Integer overflow
1201887 - CVE-2011-5321 Kernel: tty: driver reference leakage in tty_open
1203712 - CVE-2015-2922 kernel: denial of service (DoS) attack against IPv6 network stacks due to improper handling of Router Advertisements.
1208598 - CVE-2015-2830 kernel: int80 fork from 64-bit tasks mishandling
1218074 - CVE-2015-3636 kernel: ping sockets: use-after-free leading to local privilege escalation



 Comments   
Comment by Gerrit Updater [ 15/Jul/15 ]

Bob Glossman (bob.glossman@intel.com) uploaded a new patch: http://review.whamcloud.com/15605
Subject: LU-6847 kernel: kernel update RHEL 6.6 [2.6.32-504.30.3.el6]
Project: fs/lustre-release
Branch: master
Current Patch Set: 1
Commit: ba33d81f1f082b6b7306d5b0fc80a583ed4eabfe

Comment by Gerrit Updater [ 23/Jul/15 ]

Oleg Drokin (oleg.drokin@intel.com) merged in patch http://review.whamcloud.com/15605/
Subject: LU-6847 kernel: kernel update RHEL 6.6 [2.6.32-504.30.3.el6]
Project: fs/lustre-release
Branch: master
Current Patch Set:
Commit: 0dba034bb22573ff8d27e3545a103b0ac7294929

Comment by Peter Jones [ 23/Jul/15 ]

Landed for 2.8
