Synopsis: Moderate: kernel security and bug fix update
Advisory ID: SLSA-2015:1534-1
Issue Date: 2015-08-05
CVE Numbers: CVE-2015-2922, CVE-2015-3636, CVE-2015-2666, CVE-2014-9715
—
* An integer overflow flaw was found in the way the Linux kernel’s
netfilter connection tracking implementation loaded extensions. An
attacker on a local network could potentially send a sequence of specially
crafted packets that would initiate the loading of a large number of
extensions, causing the targeted system in that network to crash.
(CVE-2014-9715, Moderate)
* A stack-based buffer overflow flaw was found in the Linux kernel’s early
load microcode functionality. On a system with UEFI Secure Boot enabled, a
local, privileged user could use this flaw to increase their privileges to
the kernel (ring0) level, bypassing intended restrictions in place.
(CVE-2015-2666, Moderate)
* It was found that the Linux kernel’s ping socket implementation did not
properly handle socket unhashing during spurious disconnects, which could
lead to a use-after-free flaw. On x86-64 architecture systems, a local
user able to create ping sockets could use this flaw to crash the system.
On non-x86-64 architecture systems, a local user able to create ping
sockets could use this flaw to escalate their privileges on the system.
(CVE-2015-3636, Moderate)
* It was found that the Linux kernel’s TCP/IP protocol suite
implementation for IPv6 allowed the Hop Limit value to be set to a smaller
value than the default one. An attacker on a local network could use this
flaw to prevent systems on that network from sending or receiving network
packets. (CVE-2015-2922, Low)
This update also fixes several bugs.
The system must be rebooted for this update to take effect.
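
Because the fix only takes effect after a reboot, a host can have the updated package installed while still running a vulnerable kernel. The script below is an added example, not part of the original advisory: it compares a kernel release string against the fixed build listed in this advisory and classifies the host. The function names are hypothetical and the sample release strings are constructed.

```shell
#!/bin/sh
# Fixed build, taken from the package list in this advisory.
FIXED="3.10.0-229.11.1.el7"

# Drop the dist tag and arch (".el7.x86_64"), leaving e.g. "3.10.0-229.11.1".
numeric_part() {
    printf '%s\n' "$1" | sed 's/\.el[0-9].*$//'
}

# kernel_cmp A B: print -1, 0 or 1. Fields are compared numerically, left to
# right; a missing field counts as 0, so "229" sorts below "229.11.1".
kernel_cmp() {
    awk -v a="$(numeric_part "$1")" -v b="$(numeric_part "$2")" 'BEGIN {
        na = split(a, x, /[.-]/); nb = split(b, y, /[.-]/)
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            if (x[i] + 0 < y[i] + 0) { print -1; exit }
            if (x[i] + 0 > y[i] + 0) { print 1; exit }
        }
        print 0
    }'
}

# kernel_is_fixed RELEASE: succeed if RELEASE is at or above the fixed build.
kernel_is_fixed() {
    [ "$(kernel_cmp "$1" "$FIXED")" -ge 0 ]
}

# reboot_status RUNNING [INSTALLED...]: classify a host from its running
# kernel and the kernel packages installed on disk.
reboot_status() {
    running=$1; shift
    if kernel_is_fixed "$running"; then echo patched; return 0; fi
    for k in "$@"; do
        if kernel_is_fixed "$k"; then echo reboot-required; return 0; fi
    done
    echo update-required
}

# On a live SL7 host (not run here):
#   reboot_status "$(uname -r)" $(rpm -q --qf '%{VERSION}-%{RELEASE}.%{ARCH}\n' kernel)

# Constructed sample: fixed kernel installed, older kernel still running.
reboot_status 3.10.0-229.7.2.el7.x86_64 \
    3.10.0-229.7.2.el7.x86_64 3.10.0-229.11.1.el7.x86_64
```

Release strings with non-numeric fields before the dist tag are treated as 0 in those fields, so this comparison is only meant for stock el7 kernel builds.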
—
SL7
x86_64
kernel-3.10.0-229.11.1.el7.x86_64.rpm
kernel-debug-3.10.0-229.11.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-229.11.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-229.11.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-229.11.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-229.11.1.el7.x86_64.rpm
kernel-devel-3.10.0-229.11.1.el7.x86_64.rpm
kernel-headers-3.10.0-229.11.1.el7.x86_64.rpm
kernel-tools-3.10.0-229.11.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-229.11.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-229.11.1.el7.x86_64.rpm
perf-3.10.0-229.11.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-229.11.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-229.11.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-229.11.1.el7.x86_64.rpm
python-perf-3.10.0-229.11.1.el7.x86_64.rpm
noarch
kernel-abi-whitelists-3.10.0-229.11.1.el7.noarch.rpm
kernel-doc-3.10.0-229.11.1.el7.noarch.rpm
– Scientific Linux Development Team