Synopsis: Important: kernel security and bug fix update
Advisory ID: SLSA-2014:0771-1
Issue Date: 2014-06-19
CVE Numbers: CVE-2013-6378
CVE-2014-1874
CVE-2014-1737
CVE-2014-1738
CVE-2014-2039
CVE-2014-0203
CVE-2014-3153
—
* A flaw was found in the way the Linux kernel’s futex subsystem handled
the requeuing of certain Priority Inheritance (PI) futexes. A local,
unprivileged user could use this flaw to escalate their privileges on the
system. (CVE-2014-3153, Important)
* A flaw was found in the way the Linux kernel’s floppy driver handled
user space provided data in certain error code paths while processing
FDRAWCMD IOCTL commands. A local user with write access to /dev/fdX could
use this flaw to free (using the kfree() function) arbitrary kernel
memory. (CVE-2014-1737, Important)
* It was found that the Linux kernel’s floppy driver leaked internal
kernel memory addresses to user space during the processing of the
FDRAWCMD IOCTL command. A local user with write access to /dev/fdX could
use this flaw to obtain information about the kernel heap arrangement.
(CVE-2014-1738, Low)
Note: A local user with write access to /dev/fdX could use these two flaws
(CVE-2014-1737 in combination with CVE-2014-1738) to escalate their
privileges on the system.
* It was discovered that the proc_ns_follow_link() function did not
properly return the LAST_BIND value in the last pathname component as is
expected for procfs symbolic links, which could lead to excessive freeing
of memory and consequent slab corruption. A local, unprivileged user could
use this flaw to crash the system. (CVE-2014-0203, Moderate)
* A flaw was found in the way the Linux kernel handled exceptions when
user-space applications attempted to use the linkage stack. On IBM S/390
systems, a local, unprivileged user could use this flaw to crash the
system. (CVE-2014-2039, Moderate)
* An invalid pointer dereference flaw was found in the Marvell 8xxx
Libertas WLAN (libertas) driver in the Linux kernel. A local user able to
write to a file that is provided by the libertas driver and located on the
debug file system (debugfs) could use this flaw to crash the system. Note:
The debugfs file system must be mounted locally to exploit this issue. It
is not mounted by default. (CVE-2013-6378, Low)
* A denial of service flaw was discovered in the way the Linux kernel’s
SELinux implementation handled files with an empty SELinux security
context. A local user who has the CAP_MAC_ADMIN capability could use this
flaw to crash the system. (CVE-2014-1874, Low)
The system must be rebooted for this update to take effect.
—
SL6
x86_64
kernel-2.6.32-431.20.3.el6.x86_64.rpm
kernel-debug-2.6.32-431.20.3.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-431.20.3.el6.x86_64.rpm
kernel-debug-devel-2.6.32-431.20.3.el6.x86_64.rpm
kernel-debuginfo-2.6.32-431.20.3.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-431.20.3.el6.x86_64.rpm
kernel-devel-2.6.32-431.20.3.el6.x86_64.rpm
kernel-headers-2.6.32-431.20.3.el6.x86_64.rpm
perf-2.6.32-431.20.3.el6.x86_64.rpm
perf-debuginfo-2.6.32-431.20.3.el6.x86_64.rpm
python-perf-debuginfo-2.6.32-431.20.3.el6.x86_64.rpm
python-perf-2.6.32-431.20.3.el6.x86_64.rpm
i386
kernel-2.6.32-431.20.3.el6.i686.rpm
kernel-debug-2.6.32-431.20.3.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-431.20.3.el6.i686.rpm
kernel-debug-devel-2.6.32-431.20.3.el6.i686.rpm
kernel-debuginfo-2.6.32-431.20.3.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-431.20.3.el6.i686.rpm
kernel-devel-2.6.32-431.20.3.el6.i686.rpm
kernel-headers-2.6.32-431.20.3.el6.i686.rpm
perf-2.6.32-431.20.3.el6.i686.rpm
perf-debuginfo-2.6.32-431.20.3.el6.i686.rpm
python-perf-debuginfo-2.6.32-431.20.3.el6.i686.rpm
python-perf-2.6.32-431.20.3.el6.i686.rpm
noarch
kernel-abi-whitelists-2.6.32-431.20.3.el6.noarch.rpm
kernel-doc-2.6.32-431.20.3.el6.noarch.rpm
kernel-firmware-2.6.32-431.20.3.el6.noarch.rpm
– Scientific Linux Development Team
