Oval Definition:oval:com.redhat.rhsa:def:20141971
Revision Date:2014-12-09Version:636
Title:RHSA-2014:1971: kernel security and bug fix update (Important)
Description:
  • A flaw was found in the way the Linux kernel's SCTP implementation handled malformed or duplicate Address Configuration Change Chunks (ASCONF). A remote attacker could use either of these flaws to crash the system. (CVE-2014-3673, CVE-2014-3687, Important)

  • A flaw was found in the way the Linux kernel's SCTP implementation handled the association's output queue. A remote attacker could send specially crafted packets that would cause the system to use an excessive amount of memory, leading to a denial of service. (CVE-2014-3688, Important)

  • Two flaws were found in the way the Apple Magic Mouse/Trackpad multi-touch driver and the Minibox PicoLCD driver handled invalid HID reports. An attacker with physical access to the system could use these flaws to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-3181, CVE-2014-3186, Moderate)

  • A memory corruption flaw was found in the way the USB ConnectTech WhiteHEAT serial driver processed completion commands sent via USB Request Blocks buffers. An attacker with physical access to the system could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-3185, Moderate)

  • A flaw was found in the way the Linux kernel's keys subsystem handled the termination condition in the associative array garbage collection functionality. A local, unprivileged user could use this flaw to crash the system. (CVE-2014-3631, Moderate)

  • Multiple flaws were found in the way the Linux kernel's ALSA implementation handled user controls. A local, privileged user could use either of these flaws to crash the system. (CVE-2014-4654, CVE-2014-4655, CVE-2014-4656, Moderate)

  • A flaw was found in the way the Linux kernel's VFS subsystem handled reference counting when performing unmount operations on symbolic links. A local, unprivileged user could use this flaw to exhaust all available memory on the system or, potentially, trigger a use-after-free error, resulting in a system crash or privilege escalation. (CVE-2014-5045, Moderate)

  • A flaw was found in the way the get_dumpable() function return value was interpreted in the ptrace subsystem of the Linux kernel. When 'fs.suid_dumpable' was set to 2, a local, unprivileged local user could use this flaw to bypass intended ptrace restrictions and obtain potentially sensitive information. (CVE-2013-2929, Low)

  • A stack overflow flaw caused by infinite recursion was found in the way the Linux kernel's UDF file system implementation processed indirect ICBs. An attacker with physical access to the system could use a specially crafted UDF image to crash the system. (CVE-2014-6410, Low)

  • An information leak flaw in the way the Linux kernel handled media device enumerate entities IOCTL requests could allow a local user able to access the /dev/media0 device file to leak kernel memory bytes. (CVE-2014-1739, Low)

  • An out-of-bounds read flaw in the Logitech Unifying receiver driver could allow an attacker with physical access to the system to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-3182, Low)

  • Multiple out-of-bounds write flaws were found in the way the Cherry Cymotion keyboard driver, KYE/Genius device drivers, Logitech device drivers, Monterey Genius KB29E keyboard driver, Petalynx Maxter remote control driver, and Sunplus wireless desktop driver handled invalid HID reports. An attacker with physical access to the system could use either of these flaws to write data past an allocated memory buffer. (CVE-2014-3184, Low)

  • An information leak flaw was found in the RAM Disks Memory Copy (rd_mcp) back end driver of the iSCSI Target subsystem could allow a privileged user to leak the contents of kernel memory to an iSCSI initiator remote client. (CVE-2014-4027, Low)

  • An information leak flaw in the Linux kernel's ALSA implementation could allow a local, privileged user to leak kernel memory to user space. (CVE-2014-4652, Low)
  • Family:unixClass:patch
    Status:Reference(s):CVE-2013-2929
    CVE-2014-1739
    CVE-2014-3181
    CVE-2014-3182
    CVE-2014-3184
    CVE-2014-3185
    CVE-2014-3186
    CVE-2014-3631
    CVE-2014-3673
    CVE-2014-3687
    CVE-2014-3688
    CVE-2014-4027
    CVE-2014-4652
    CVE-2014-4654
    CVE-2014-4655
    CVE-2014-4656
    CVE-2014-5045
    CVE-2014-6410
    RHSA-2014:1971
    RHSA-2014:1971-00
    RHSA-2014:1971-01
    Platform(s):Red Hat Enterprise Linux 7
    Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 7 is installed
  • AND
  • kernel earlier than 0:3.10.0-123.13.1.el7 is currently running
  • OR kernel earlier than 0:3.10.0-123.13.1.el7 is set to boot up on next boot
  • AND
  • kernel is earlier than 0:3.10.0-123.13.1.el7
  • AND kernel is signed with Red Hat redhatrelease2 key
  • kernel-abi-whitelists is earlier than 0:3.10.0-123.13.1.el7
  • AND kernel-abi-whitelists is signed with Red Hat redhatrelease2 key
  • kernel-bootwrapper is earlier than 0:3.10.0-123.13.1.el7
  • AND kernel-bootwrapper is signed with Red Hat redhatrelease2 key
  • kernel-debug is earlier than 0:3.10.0-123.13.1.el7
  • AND kernel-debug is signed with Red Hat redhatrelease2 key
  • kernel-debug-devel is earlier than 0:3.10.0-123.13.1.el7
  • AND kernel-debug-devel is signed with Red Hat redhatrelease2 key
  • kernel-devel is earlier than 0:3.10.0-123.13.1.el7
  • AND kernel-devel is signed with Red Hat redhatrelease2 key
  • kernel-doc is earlier than 0:3.10.0-123.13.1.el7
  • AND kernel-doc is signed with Red Hat redhatrelease2 key
  • kernel-headers is earlier than 0:3.10.0-123.13.1.el7
  • AND kernel-headers is signed with Red Hat redhatrelease2 key
  • kernel-kdump is earlier than 0:3.10.0-123.13.1.el7
  • AND kernel-kdump is signed with Red Hat redhatrelease2 key
  • kernel-kdump-devel is earlier than 0:3.10.0-123.13.1.el7
  • AND kernel-kdump-devel is signed with Red Hat redhatrelease2 key
  • kernel-tools is earlier than 0:3.10.0-123.13.1.el7
  • AND kernel-tools is signed with Red Hat redhatrelease2 key
  • kernel-tools-libs is earlier than 0:3.10.0-123.13.1.el7
  • AND kernel-tools-libs is signed with Red Hat redhatrelease2 key
  • kernel-tools-libs-devel is earlier than 0:3.10.0-123.13.1.el7
  • AND kernel-tools-libs-devel is signed with Red Hat redhatrelease2 key
  • perf is earlier than 0:3.10.0-123.13.1.el7
  • AND perf is signed with Red Hat redhatrelease2 key
  • python-perf is earlier than 0:3.10.0-123.13.1.el7
  • AND python-perf is signed with Red Hat redhatrelease2 key
  • BACK