Moderate: kernel (SL6)

Synopsis: Moderate: kernel security and bug fix update
Advisory ID: SLSA-2013:1051-1
Issue Date: 2013-07-16
CVE Numbers: CVE-2013-0914, CVE-2013-1848, CVE-2013-2634, CVE-2013-2635,
             CVE-2013-3222, CVE-2013-3224, CVE-2013-3225, CVE-2012-6548,
             CVE-2013-3301, CVE-2013-2128, CVE-2013-2852

This update fixes the following security issues:

* A flaw was found in the tcp_read_sock() function in the Linux kernel’s
IPv4 TCP/IP protocol suite implementation in the way socket buffers (skb)
were handled. A local, unprivileged user could trigger this issue via a
call to splice(), leading to a denial of service. (CVE-2013-2128,
Moderate)

* Information leak flaws in the Linux kernel could allow a local,
unprivileged user to leak kernel memory to user-space. (CVE-2012-6548,
CVE-2013-2634, CVE-2013-2635, CVE-2013-3222, CVE-2013-3224, CVE-2013-3225,
Low)

* An information leak was found in the Linux kernel’s POSIX signals
implementation. A local, unprivileged user could use this flaw to bypass
the Address Space Layout Randomization (ASLR) security feature.
(CVE-2013-0914, Low)

* A format string flaw was found in the ext3_msg() function in the Linux
kernel’s ext3 file system implementation. A local user who is able to
mount an ext3 file system could use this flaw to cause a denial of service
or, potentially, escalate their privileges. (CVE-2013-1848, Low)

* A format string flaw was found in the b43_do_request_fw() function in
the Linux kernel’s b43 driver implementation. A local user who is able to
specify the “fwpostfix” b43 module parameter could use this flaw to cause
a denial of service or, potentially, escalate their privileges.
(CVE-2013-2852, Low)

* A NULL pointer dereference flaw was found in the Linux kernel’s ftrace
and function tracer implementations. A local user who has the
CAP_SYS_ADMIN capability could use this flaw to cause a denial of service.
(CVE-2013-3301, Low)

The system must be rebooted for this update to take effect.
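
Because the fix only takes effect after a reboot, a host can have the updated package installed and still be running the old kernel. The following added example (not part of the advisory or of any Scientific Linux tooling) classifies a host from its running and installed kernel releases; the function names and sample release strings are constructed, and the numeric field comparison is a simplification of rpm's version ordering.

```shell
FIXED="2.6.32-358.14.1.el6"   # fixed build from this advisory's package list

# Echo "older", "equal" or "newer" for release $1 relative to release $2.
# Compares the numeric fields before ".el"; missing fields count as 0.
# (Simplified ordering for illustration, not rpm's own comparison.)
ver_cmp() {
    awk -v a="${1%%.el*}" -v b="${2%%.el*}" 'BEGIN {
        na = split(a, x, /[^0-9]+/); nb = split(b, y, /[^0-9]+/)
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            if (x[i] + 0 < y[i] + 0) { print "older"; exit }
            if (x[i] + 0 > y[i] + 0) { print "newer"; exit }
        }
        print "equal"
    }'
}

# patch_status RUNNING [INSTALLED...]
#   RUNNING   : release of the booted kernel, as printed by `uname -r`
#   INSTALLED : version-release of every installed kernel package
patch_status() {
    running=$1; shift
    case "$running" in
        *.el6*) ;;                                  # SL6 kernel: in scope
        *) echo "not-applicable"; return 0 ;;
    esac
    if [ "$(ver_cmp "$running" "$FIXED")" != "older" ]; then
        echo "patched"; return 0                    # fixed kernel is booted
    fi
    for pkg in "$@"; do
        if [ "$(ver_cmp "$pkg" "$FIXED")" != "older" ]; then
            echo "reboot-required"; return 0        # installed, not yet booted
        fi
    done
    echo "update-required"                          # no fixed package present
}

# Constructed sample hosts (not real inventory data).
patch_status 2.6.32-358.14.1.el6.x86_64 2.6.32-358.14.1.el6   # -> patched
patch_status 2.6.32-358.11.1.el6.x86_64 2.6.32-358.11.1.el6 \
             2.6.32-358.14.1.el6                              # -> reboot-required
patch_status 2.6.32-358.el6.i686 2.6.32-358.el6               # -> update-required
patch_status 3.10.0-123.el7.x86_64                            # -> not-applicable
```

On a real SL6 host the inputs would come from `uname -r` and `rpm -q --qf '%{VERSION}-%{RELEASE}\n' kernel`.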

SL6
x86_64
kernel-2.6.32-358.14.1.el6.x86_64.rpm
kernel-debug-2.6.32-358.14.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-358.14.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-358.14.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-358.14.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-358.14.1.el6.x86_64.rpm
kernel-devel-2.6.32-358.14.1.el6.x86_64.rpm
kernel-headers-2.6.32-358.14.1.el6.x86_64.rpm
perf-2.6.32-358.14.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-358.14.1.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-358.14.1.el6.x86_64.rpm
python-perf-2.6.32-358.14.1.el6.x86_64.rpm
i386
kernel-2.6.32-358.14.1.el6.i686.rpm
kernel-debug-2.6.32-358.14.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-358.14.1.el6.i686.rpm
kernel-debug-devel-2.6.32-358.14.1.el6.i686.rpm
kernel-debuginfo-2.6.32-358.14.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-358.14.1.el6.i686.rpm
kernel-devel-2.6.32-358.14.1.el6.i686.rpm
kernel-headers-2.6.32-358.14.1.el6.i686.rpm
perf-2.6.32-358.14.1.el6.i686.rpm
perf-debuginfo-2.6.32-358.14.1.el6.i686.rpm
python-perf-debuginfo-2.6.32-358.14.1.el6.i686.rpm
python-perf-2.6.32-358.14.1.el6.i686.rpm
noarch
kernel-doc-2.6.32-358.14.1.el6.noarch.rpm
kernel-firmware-2.6.32-358.14.1.el6.noarch.rpm

– Scientific Linux Development Team