Synopsis: Important: kernel security, bug fix, and enhancement update
Advisory ID: SLSA-2014:0285-1
Issue Date: 2014-03-12
CVE Numbers: CVE-2013-4483
CVE-2013-2929
CVE-2013-4554
CVE-2013-6383
CVE-2013-6381
CVE-2013-6885
CVE-2013-7263
CVE-2013-7265
—
* A buffer overflow flaw was found in the way the qeth_snmp_command()
function in the Linux kernel’s QETH network device driver implementation
handled SNMP IOCTL requests with an out-of-bounds length. A local,
unprivileged user could use this flaw to crash the system or, potentially,
escalate their privileges on the system. (CVE-2013-6381, Important)
* A flaw was found in the way the ipc_rcu_putref() function in the Linux
kernel’s IPC implementation handled reference counter decrementing. A
local, unprivileged user could use this flaw to trigger an Out of Memory
(OOM) condition and, potentially, crash the system. (CVE-2013-4483,
Moderate)
* It was found that the Xen hypervisor implementation did not correctly
check privileges of hypercall attempts made by HVM guests, allowing
hypercalls to be invoked from protection rings 1 and 2 in addition to ring
0. A local attacker in an HVM guest able to execute code on privilege
levels 1 and 2 could potentially use this flaw to further escalate their
privileges in that guest. Note: Xen HVM guests running unmodified versions
of Scientific Linux and Microsoft Windows are not affected by this issue
because they are known to only use protection rings 0 (kernel) and 3
(userspace). (CVE-2013-4554, Moderate)
* A flaw was found in the way the Linux kernel’s Adaptec RAID controller
(aacraid) checked permissions of compat IOCTLs. A local attacker could use
this flaw to bypass intended security restrictions. (CVE-2013-6383,
Moderate)
A privileged user in a guest running under the Xen hypervisor could use
this flaw to cause a denial of service on the host system. This update
adds a workaround to the Xen hypervisor implementation, which mitigates
the AMD CPU issue. Note: this issue only affects AMD Family 16h Models
00h-0Fh Processors. Non-AMD CPUs are not vulnerable. (CVE-2013-6885,
Moderate)
* It was found that certain protocol handlers in the Linux kernel’s
networking implementation could set the addr_len value without
initializing the associated data structure. A local, unprivileged user
could use this flaw to leak kernel stack memory to user space using the
recvmsg, recvfrom, and recvmmsg system calls. (CVE-2013-7263, Low)
* A flaw was found in the way the get_dumpable() function return value was
interpreted in the ptrace subsystem of the Linux kernel. When
‘fs.suid_dumpable’ was set to 2, a local, unprivileged local user could
use this flaw to bypass intended ptrace restrictions and obtain
potentially sensitive information. (CVE-2013-2929, Low)
The system must be rebooted for this update to take effect.
—
SL5
x86_64
kernel-2.6.18-371.6.1.el5.x86_64.rpm
kernel-debug-2.6.18-371.6.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-371.6.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-371.6.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-371.6.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-371.6.1.el5.x86_64.rpm
kernel-devel-2.6.18-371.6.1.el5.x86_64.rpm
kernel-headers-2.6.18-371.6.1.el5.x86_64.rpm
kernel-xen-2.6.18-371.6.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-371.6.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-371.6.1.el5.x86_64.rpm
i386
kernel-2.6.18-371.6.1.el5.i686.rpm
kernel-PAE-2.6.18-371.6.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-371.6.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-371.6.1.el5.i686.rpm
kernel-debug-2.6.18-371.6.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-371.6.1.el5.i686.rpm
kernel-debug-devel-2.6.18-371.6.1.el5.i686.rpm
kernel-debuginfo-2.6.18-371.6.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-371.6.1.el5.i686.rpm
kernel-devel-2.6.18-371.6.1.el5.i686.rpm
kernel-headers-2.6.18-371.6.1.el5.i386.rpm
kernel-xen-2.6.18-371.6.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-371.6.1.el5.i686.rpm
kernel-xen-devel-2.6.18-371.6.1.el5.i686.rpm
noarch
kernel-doc-2.6.18-371.6.1.el5.noarch.rpm
– Scientific Linux Development Team
