[LU-5740] Kernel upgrade [RHEL6.6 2.6.32-504.el6]

Blocker — Fri, 24 Apr 2015 14:01:14 +0000

A NULL pointer dereference flaw was found in the way the Linux kernel's
Stream Control Transmission Protocol (SCTP) implementation handled
simultaneous connections between the same hosts. A remote attacker could
use this flaw to crash the system. (CVE-2014-5077, Important)

An integer overflow flaw was found in the way the Linux kernel's Frame
Buffer device implementation mapped kernel memory to user space via the
mmap syscall. A local user able to access a frame buffer device file
(/dev/fb*) could possibly use this flaw to escalate their privileges on the
system. (CVE-2013-2596, Important)

A flaw was found in the way the ipc_rcu_putref() function in the Linux
kernel's IPC implementation handled reference counter decrementing.
A local, unprivileged user could use this flaw to trigger an Out of Memory
(OOM) condition and, potentially, crash the system. (CVE-2013-4483,
Moderate)

It was found that the permission checks performed by the Linux kernel
when a netlink message was received were not sufficient. A local,
unprivileged user could potentially bypass these restrictions by passing a
netlink socket as stdout or stderr to a more privileged process and
altering the output of this process. (CVE-2014-0181, Moderate)

It was found that the try_to_unmap_cluster() function in the Linux
kernel's Memory Managment subsystem did not properly handle page locking in
certain cases, which could potentially trigger the BUG_ON() macro in the
mlock_vma_page() function. A local, unprivileged user could use this flaw
to crash the system. (CVE-2014-3122, Moderate)

A flaw was found in the way the Linux kernel's kvm_iommu_map_pages()
function handled IOMMU mapping failures. A privileged user in a guest with
an assigned host device could use this flaw to crash the host.
(CVE-2014-3601, Moderate)

Multiple use-after-free flaws were found in the way the Linux kernel's
Advanced Linux Sound Architecture (ALSA) implementation handled user
controls. A local, privileged user could use either of these flaws to crash
the system. (CVE-2014-4653, CVE-2014-4654, CVE-2014-4655, Moderate)

A flaw was found in the way the Linux kernel's VFS subsystem handled
reference counting when performing unmount operations on symbolic links.
A local, unprivileged user could use this flaw to exhaust all available
memory on the system or, potentially, trigger a use-after-free error,
resulting in a system crash or privilege escalation. (CVE-2014-5045,
Moderate)

An integer overflow flaw was found in the way the lzo1x_decompress_safe()
function of the Linux kernel's LZO implementation processed Literal Runs.
A local attacker could, in extremely rare cases, use this flaw to crash the
system or, potentially, escalate their privileges on the system.
(CVE-2014-4608, Low)

Bugs fixed (https://bugzilla.redhat.com/):

1010882 - kvm: backport "Improve create VCPU parameter"
1024854 - CVE-2013-4483 kernel: ipc: ipc_rcu_putref refcount races
1027480 - alb_send_learning_packets using an obsolete EtherType
1030411 - resizing thin-snapshot with external origin should return zeros behind origin's end
1031488 - Restore the mask bit correctly in eoi_ioapic_irq()
1034490 - CVE-2013-2596 kernel: integer overflow in fb_mmap
1036972 - use after free in new nfsd DRC code
1044438 - cifs: Unable to append to an existing file in cache=none mode.
1059496 - KVM: x86 emulator: Implement jmp far opcode ff/5
1063836 - kvm: 23090: cpu0 unhandled wrmsr 0x391 data 2000000f
1065304 - kernel/sched: incorrect setup of sched_group->cpu_power for NUMA systems
1069028 - ixgbevf prematurely strips VLAN tags
1072373 - Along with the increase of vCPUs in guest, and guest OS will spend more time to boot up in specified machine.
1077463 - gfs2: quotas not refreshed in gfs2_adjust_quota
1090423 - Data integrity issue on rebuilding RAID 6 with 100MB resync speed
1093076 - CVE-2014-3122 Kernel: mm: try_to_unmap_cluster() should lock_page() before mlocking
1094265 - CVE-2014-0181 kernel: net: insufficient permision checks of netlink messages
1095627 - missing vhost schedule causing thread starvation
1100523 - ext4 filesystem option 'max_batch_time' actually displays 'min_batch_time' in /proc/mounts
1113409 - CVE-2014-4653 Kernel: ALSA: control: do not access controls outside of protected regions
1113445 - CVE-2014-4654 CVE-2014-4655 Kernel: ALSA: control: use-after-free in replacing user controls
1113899 - CVE-2014-4608 kernel: lzo1x_decompress_safe() integer overflow
1118123 - [Hyper-V][REHL 6.6] fcopy large file from host to guest failed
1122472 - CVE-2014-5045 kernel: vfs: refcount issues during unmount on symlink
1122982 - CVE-2014-5077 Kernel: net: SCTP: fix a NULL pointer dereference during INIT collisions
1124351 - raid1 Data corruption after recovery with bitmap
1127231 - dmeventd hanging while handling lost leg in RAID1 LV
1131951 - CVE-2014-3601 kernel: kvm: invalid parameter passing in kvm_iommu_map_pages()
739866 - checkpolicy cannot parse /selinux/policy on ppc64 and s390x
786463 - nfs mount hangs when kerberos ticket expires
889471 - [Btrfs] BUG: unable to handle kernel NULL pointer dereference at (null) btrfs_get_sb should return error when open_ctree failed
915862 - The sync mount option does not work for NFSv4 mounts in RHEL6
997651 - possible recursive locking detected
998024 - nfsd sometimes grants delegations too soon following conflicting open requests

Whamcloud Community JIRA

[LU-5740] Kernel upgrade [RHEL6.6 2.6.32-504.el6]