[LU-6011] Kernel update [RHEL7 3.10.0-123.13.1.el7]

Fri, 19 Dec 2014 16:06:03 +0000

A flaw was found in the way the Linux kernel's SCTP implementation
handled malformed or duplicate Address Configuration Change Chunks
(ASCONF). A remote attacker could use either of these flaws to crash the
system. (CVE-2014-3673, CVE-2014-3687, Important)

A flaw was found in the way the Linux kernel's SCTP implementation
handled the association's output queue. A remote attacker could send
specially crafted packets that would cause the system to use an excessive
amount of memory, leading to a denial of service. (CVE-2014-3688,
Important)

Two flaws were found in the way the Apple Magic Mouse/Trackpad
multi-touch driver and the Minibox PicoLCD driver handled invalid HID
reports. An attacker with physical access to the system could use these
flaws to crash the system or, potentially, escalate their privileges on the
system. (CVE-2014-3181, CVE-2014-3186, Moderate)

A memory corruption flaw was found in the way the USB ConnectTech
WhiteHEAT serial driver processed completion commands sent via USB Request
Blocks buffers. An attacker with physical access to the system could use
this flaw to crash the system or, potentially, escalate their privileges on
the system. (CVE-2014-3185, Moderate)

A flaw was found in the way the Linux kernel's keys subsystem handled the
termination condition in the associative array garbage collection
functionality. A local, unprivileged user could use this flaw to crash the
system. (CVE-2014-3631, Moderate)

Multiple flaws were found in the way the Linux kernel's ALSA
implementation handled user controls. A local, privileged user could use
either of these flaws to crash the system. (CVE-2014-4654, CVE-2014-4655,
CVE-2014-4656, Moderate)

A flaw was found in the way the Linux kernel's VFS subsystem handled
reference counting when performing unmount operations on symbolic links.
A local, unprivileged user could use this flaw to exhaust all available
memory on the system or, potentially, trigger a use-after-free error,
resulting in a system crash or privilege escalation. (CVE-2014-5045,
Moderate)

A flaw was found in the way the get_dumpable() function return value was
interpreted in the ptrace subsystem of the Linux kernel. When
'fs.suid_dumpable' was set to 2, a local, unprivileged local user could
use this flaw to bypass intended ptrace restrictions and obtain
potentially sensitive information. (CVE-2013-2929, Low)

A stack overflow flaw caused by infinite recursion was found in the way
the Linux kernel's UDF file system implementation processed indirect ICBs.
An attacker with physical access to the system could use a specially
crafted UDF image to crash the system. (CVE-2014-6410, Low)

An information leak flaw in the way the Linux kernel handled media device
enumerate entities IOCTL requests could allow a local user able to access
the /dev/media0 device file to leak kernel memory bytes. (CVE-2014-1739,
Low)

An out-of-bounds read flaw in the Logitech Unifying receiver driver could
allow an attacker with physical access to the system to crash the system
or, potentially, escalate their privileges on the system. (CVE-2014-3182,
Low)

Multiple out-of-bounds write flaws were found in the way the Cherry
Cymotion keyboard driver, KYE/Genius device drivers, Logitech device
drivers, Monterey Genius KB29E keyboard driver, Petalynx Maxter remote
control driver, and Sunplus wireless desktop driver handled invalid HID
reports. An attacker with physical access to the system could use either of
these flaws to write data past an allocated memory buffer. (CVE-2014-3184,
Low)

An information leak flaw was found in the RAM Disks Memory Copy (rd_mcp)
back end driver of the iSCSI Target subsystem could allow a privileged user
to leak the contents of kernel memory to an iSCSI initiator remote client.
(CVE-2014-4027, Low)

An information leak flaw in the Linux kernel's ALSA implementation could
allow a local, privileged user to leak kernel memory to user space.
(CVE-2014-4652, Low)

Bugs fixed (https://bugzilla.redhat.com/):

1028148 - CVE-2013-2929 kernel: exec/ptrace: get_dumpable() incorrect tests
1108744 - CVE-2014-4027 Kernel: target/rd: imformation leakage
1109774 - CVE-2014-1739 Kernel: drivers: media: an information leakage
1113406 - CVE-2014-4652 Kernel: ALSA: control: protect user controls against races & memory disclosure
1113445 - CVE-2014-4654 CVE-2014-4655 Kernel: ALSA: control: use-after-free in replacing user controls
1113470 - CVE-2014-4656 Kernel: ALSA: control: integer overflow in id.index & id.numid
1122472 - CVE-2014-5045 kernel: vfs: refcount issues during unmount on symlink
1140325 - CVE-2014-3631 kernel: keys: incorrect termination condition in assoc array garbage collection
1141173 - CVE-2014-3181 Kernel: HID: OOB write in magicmouse driver
1141210 - CVE-2014-3182 Kernel: HID: logitech-dj OOB array access
1141391 - CVE-2014-3184 Kernel: HID: off by one error in various _report_fixup routines
1141400 - CVE-2014-3185 Kernel: USB serial: memory corruption flaw
1141407 - CVE-2014-3186 Kernel: HID: memory corruption via OOB write
1141809 - CVE-2014-6410 kernel: udf: Avoid infinite loop when processing indirect ICBs
1147850 - CVE-2014-3673 kernel: sctp: skb_over_panic when receiving malformed ASCONF chunks
1155731 - CVE-2014-3687 kernel: net: sctp: fix panic on duplicate ASCONF chunks
1155745 - CVE-2014-3688 kernel: net: sctp: remote memory pressure from excessive queueing

Whamcloud Community JIRA

[LU-6011] Kernel update [RHEL7 3.10.0-123.13.1.el7]