|
Security Fix(es):
- It was found that reporting emulation failures to user space could lead to
either a local (CVE-2014-7842) or a L2->L1 (CVE-2010-5313) denial of service. In
the case of a local denial of service, an attacker must have access to the MMIO
area or be able to access an I/O port. Please note that on certain systems, HPET
is mapped to userspace as part of vdso (vvar) and thus an unprivileged user may
generate MMIO transactions (and enter the emulator) this way. (CVE-2010-5313,
CVE-2014-7842, Moderate)
- It was found that the Linux kernel did not properly account file descriptors
passed over the unix socket against the process limit. A local user could use
this flaw to exhaust all available memory on the system. (CVE-2013-4312,
Moderate)
- A buffer overflow flaw was found in the way the Linux kernel's virtio-net
subsystem handled certain fraglists when the GRO (Generic Receive Offload)
functionality was enabled in a bridged network configuration. An attacker on the
local network could potentially use this flaw to crash the system, or, although
unlikely, elevate their privileges on the system. (CVE-2015-5156, Moderate)
- It was found that the Linux kernel's IPv6 network stack did not properly
validate the value of the MTU variable when it was set. A remote attacker could
potentially use this flaw to disrupt a target system's networking (packet loss)
by setting an invalid MTU value, for example, via a NetworkManager daemon that
is processing router advertisement packets running on the target system.
(CVE-2015-8215, Moderate)
- A NULL pointer dereference flaw was found in the way the Linux kernel's
network subsystem handled socket creation with an invalid protocol identifier. A
local user could use this flaw to crash the system. (CVE-2015-8543, Moderate)
- It was found that the espfix functionality does not work for 32-bit KVM
paravirtualized guests. A local, unprivileged guest user could potentially use
this flaw to leak kernel stack addresses. (CVE-2014-8134, Low)
- A flaw was found in the way the Linux kernel's ext4 file system driver handled
non-journal file systems with an orphan list. An attacker with physical access
to the system could use this flaw to crash the system or, although unlikely,
escalate their privileges on the system. (CVE-2015-7509, Low)
- A NULL pointer dereference flaw was found in the way the Linux kernel's ext4
file system driver handled certain corrupted file system images. An attacker
with physical access to the system could use this flaw to crash the system.
(CVE-2015-8324, Low)
Bugs fixed (https://bugzilla.redhat.com/):
1066751 - tmpfs: creates files with inode number 0, rendering parent directory unremovable
1163762 - CVE-2010-5313 CVE-2014-7842 kernel: kvm: reporting emulation failures to userspace
1172765 - CVE-2014-8134 kernel: x86: espfix not working for 32-bit KVM paravirt guests
1197875 - CIFS DFS shares fail to mount when specifying sec= option
1225359 - bonding: fail to configure master mac address by initscripts
1242239 - md raid1 writemostly feature broken
1243852 - CVE-2015-5156 kernel: buffer overflow with fraglist larger than MAX_SKB_FRAGS + 2 in virtio-net
1248507 - kernel: [drm:cpt_set_fifo_underrun_reporting] ERROR uncleared pch fifo underrun on pch transcoder A
1254020 - RHEL6.6: NFS client has kernel panic after seeing 'VFS: Busy inodes after unmount ... Self-destruct in 5 seconds. Have a nice day'
1259222 - CVE-2015-7509 kernel: Mounting ext2 fs e2fsprogs/tests/f_orphan as ext4 crashes system
1259870 - Incomplete nl80211 backport broke hostapd
1267261 - CVE-2015-8324 kernel: Null pointer dereference when mounting ext4
1283253 - CVE-2015-8215 kernel: MTU value is not validated in IPv6 stack causing packet loss
1290475 - CVE-2015-8543 kernel: IPv6 connect causes DoS via NULL pointer dereference
1297813 - CVE-2013-4312 kernel: File descriptors passed over unix sockets are not properly accounted
1310661 - BUG: unable to handle kernel paging request at 65642072 followed by kernel panic
697750 - [xfs] concurrent aio/dio got stuck
723722 - BUG: SELinux is preventing /usr/bin/nautilus (deleted) "write" access on /media/TerraVolume.
889368 - LVM RAID: I/O can hang if entire stripe (mirror group) of RAID10 LV is killed while under snapshot
|