http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7ada876a8703f23befbb20a7465a702ee39b1704

http://mirror.linux.org.au/linux/kernel/v2.6/ChangeLog-2.6.37

RHSA-2014:1365

RHSA-2014:1763

https://bugzilla.redhat.com/show_bug.cgi?id=1094455

https://github.com/torvalds/linux/commit/7ada876a8703f23befbb20a7465a702ee39b1704

Updated kernel packages that fix two security issues are now available for Red Hat Enterprise Linux 6.2 Advanced Update Support.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

The kernel packages contain the Linux kernel, the core of any Linux operating system.

* A flaw was found in the way the Linux kernel's futex subsystem handled reference counting when requeuing futexes during futex_wait().
A local, unprivileged user could use this flaw to zero out the reference counter of an inode or an mm struct that backs up the memory area of the futex, which could lead to a use-after-free flaw, resulting in a system crash or, potentially, privilege escalation.
(CVE-2014-0205)

* A NULL pointer dereference flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation handled simultaneous connections between the same hosts. A remote attacker could use this flaw to crash the system. (CVE-2014-5077)

The security impact of the CVE-2014-0205 issue was discovered by Mateusz Guzik of Red Hat.

All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

Updated kernel packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 6.4 Extended Update Support.

Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

The kernel packages contain the Linux kernel, the core of any Linux operating system.

* A flaw was found in the way the Linux kernel's futex subsystem handled reference counting when requeuing futexes during futex_wait().
A local, unprivileged user could use this flaw to zero out the reference counter of an inode or an mm struct that backs up the memory area of the futex, which could lead to a use-after-free flaw, resulting in a system crash or, potentially, privilege escalation.
(CVE-2014-0205, Important)

The security impact of this issue was discovered by Mateusz Guzik of Red Hat.

This update also fixes the following bugs :

* A rare race between the file system unmount code and the file system notification code could lead to a kernel panic. With this update, a series of patches has been applied to the kernel to prevent this problem. (BZ#1130628)

* Previously, recovery of a double-degraded RAID6 array could, under certain circumstances, result in data corruption. This could happen because the md driver was using an optimization that is safe to use only for single-degraded arrays. This update ensures that this optimization is skipped during the recovery of double-degraded RAID6 arrays. (BZ#1131410)

* Later Intel CPUs added a new 'Condition Changed' bit to the MSR_CORE_PERF_GLOBAL_STATUS register. Previously, the kernel falsely assumed that this bit indicates a performance interrupt, which prevented other NMI handlers from running and executing. To fix this problem, a patch has been applied to the kernel to ignore this bit in the perf code, enabling other NMI handlers to run. (BZ#1134695)

* Previously, certain network device drivers did not accept ethtool commands right after they were mounted. As a consequence, the current setting of the specified device driver was not applied and an error message was returned. The ETHTOOL_DELAY variable has been added, which makes sure the ethtool utility waits for some time before it tries to apply the options settings, thus fixing the bug. (BZ#1138300)

All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

The kernel packages contain the Linux kernel, the core of any Linux operating system.

* A flaw was found in the way the Linux kernel's futex subsystem handled reference counting when requeuing futexes during futex_wait().
A local, unprivileged user could use this flaw to zero out the reference counter of an inode or an mm struct that backs up the memory area of the futex, which could lead to a use-after-free flaw, resulting in a system crash or, potentially, privilege escalation.
(CVE-2014-0205, Important)

* A NULL pointer dereference flaw was found in the way the Linux kernel's networking implementation handled logging while processing certain invalid packets coming in via a VxLAN interface. A remote attacker could use this flaw to crash the system by sending a specially crafted packet to such an interface. (CVE-2014-3535, Important)

* An out-of-bounds memory access flaw was found in the Linux kernel's system call auditing implementation. On a system with existing audit rules defined, a local, unprivileged user could use this flaw to leak kernel memory to user space or, potentially, crash the system.
(CVE-2014-3917, Moderate)

* An integer underflow flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation processed certain COOKIE_ECHO packets. By sending a specially crafted SCTP packet, a remote attacker could use this flaw to prevent legitimate connections to a particular SCTP server socket to be made.
(CVE-2014-4667, Moderate)

Red Hat would like to thank Gopal Reddy Kodudula of Nokia Siemens Networks for reporting CVE-2014-4667. The security impact of the CVE-2014-0205 issue was discovered by Mateusz Guzik of Red Hat.

This update also fixes several bugs. Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section.

All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-3073 advisory.

  - kernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDITSYSCALL is enabled with certain     syscall rules, allows local users to obtain potentially sensitive single-bit values from kernel memory or     cause a denial of service (OOPS) via a large value of a syscall number. (CVE-2014-3917)

  - The futex_wait function in kernel/futex.c in the Linux kernel before 2.6.37 does not properly maintain a     certain reference count during requeue operations, which allows local users to cause a denial of service     (use-after-free and system crash) or possibly gain privileges via a crafted application that triggers a     zero count. (CVE-2014-0205)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

* A flaw was found in the way the Linux kernel's futex subsystem handled reference counting when requeuing futexes during futex_wait().
A local, unprivileged user could use this flaw to zero out the reference counter of an inode or an mm struct that backs up the memory area of the futex, which could lead to a use-after-free flaw, resulting in a system crash or, potentially, privilege escalation.
(CVE-2014-0205, Important)

* A NULL pointer dereference flaw was found in the way the Linux kernel's networking implementation handled logging while processing certain invalid packets coming in via a VxLAN interface. A remote attacker could use this flaw to crash the system by sending a specially crafted packet to such an interface. (CVE-2014-3535, Important)

* An out-of-bounds memory access flaw was found in the Linux kernel's system call auditing implementation. On a system with existing audit rules defined, a local, unprivileged user could use this flaw to leak kernel memory to user space or, potentially, crash the system.
(CVE-2014-3917, Moderate)

* An integer underflow flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation processed certain COOKIE_ECHO packets. By sending a specially crafted SCTP packet, a remote attacker could use this flaw to prevent legitimate connections to a particular SCTP server socket to be made.
(CVE-2014-4667, Moderate)

The system must be rebooted for this update to take effect.

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-1167 advisory.

  - The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not     properly manage a certain backlog value, which allows remote attackers to cause a denial of service     (socket outage) via a crafted SCTP packet. (CVE-2014-4667)

  - kernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDITSYSCALL is enabled with certain     syscall rules, allows local users to obtain potentially sensitive single-bit values from kernel memory or     cause a denial of service (OOPS) via a large value of a syscall number. (CVE-2014-3917)

  - The futex_wait function in kernel/futex.c in the Linux kernel before 2.6.37 does not properly maintain a     certain reference count during requeue operations, which allows local users to cause a denial of service     (use-after-free and system crash) or possibly gain privileges via a crafted application that triggers a     zero count. (CVE-2014-0205)

  - include/linux/netdevice.h in the Linux kernel before 2.6.36 incorrectly uses macros for netdev_printk and     its related logging implementation, which allows remote attackers to cause a denial of service (NULL     pointer dereference and system crash) by sending invalid packets to a VxLAN interface. (CVE-2014-3535)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
79061	RHEL 6 : kernel (RHSA-2014:1763)	Nessus	Red Hat Local Security Checks	high
79054	RHEL 6 : kernel (RHSA-2014:1365)	Nessus	Red Hat Local Security Checks	medium
77626	RHEL 6 : kernel (RHSA-2014:1167)	Nessus	Red Hat Local Security Checks	high
77624	Oracle Linux 5 / 6 : unbreakable enterprise kernel (ELSA-2014-3073)	Nessus	Oracle Linux Local Security Checks	medium
77598	Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20140909)	Nessus	Scientific Linux Local Security Checks	high
77597	Oracle Linux 6 : kernel (ELSA-2014-1167)	Nessus	Oracle Linux Local Security Checks	high
77584	CentOS 6 : kernel (CESA-2014:1167)	Nessus	CentOS Local Security Checks	high

CVE-2014-0205

medium

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

Vulnerable Software

Configuration 1

Tenable Plugins

high

medium

high

medium

high

high

high