Description: | The kernel packages contain the Linux kernel, the core of any Linux operating system.
* A flaw was found in the way the Linux kernel's SCTP implementation handled malformed or duplicate Address Configuration Change Chunks (ASCONF). A remote attacker could use either of these flaws to crash the system. (CVE-2014-3673, CVE-2014-3687, Important)
* A flaw was found in the way the Linux kernel's SCTP implementation handled the association's output queue. A remote attacker could send specially crafted packets that would cause the system to use an excessive amount of memory, leading to a denial of service. (CVE-2014-3688, Important)
* Two flaws were found in the way the Apple Magic Mouse/Trackpad multi-touch driver and the Minibox PicoLCD driver handled invalid HID reports. An attacker with physical access to the system could use these flaws to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-3181, CVE-2014-3186, Moderate)
* A memory corruption flaw was found in the way the USB ConnectTech WhiteHEAT serial driver processed completion commands sent via USB Request Blocks buffers. An attacker with physical access to the system could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-3185, Moderate)
* A flaw was found in the way the Linux kernel's keys subsystem handled the termination condition in the associative array garbage collection functionality. A local, unprivileged user could use this flaw to crash the system. (CVE-2014-3631, Moderate)
* Multiple flaws were found in the way the Linux kernel's ALSA implementation handled user controls. A local, privileged user could use any of these flaws to crash the system. (CVE-2014-4654, CVE-2014-4655, CVE-2014-4656, Moderate)
* A flaw was found in the way the Linux kernel's VFS subsystem handled reference counting when performing unmount operations on symbolic links. A local, unprivileged user could use this flaw to exhaust all available memory on the system or, potentially, trigger a use-after-free error, resulting in a system crash or privilege escalation. (CVE-2014-5045, Moderate)
* A flaw was found in the way the get_dumpable() function return value was interpreted in the ptrace subsystem of the Linux kernel. When 'fs.suid_dumpable' was set to 2, a local, unprivileged user could use this flaw to bypass intended ptrace restrictions and obtain potentially sensitive information. (CVE-2013-2929, Low)
* A stack overflow flaw caused by infinite recursion was found in the way the Linux kernel's UDF file system implementation processed indirect ICBs. An attacker with physical access to the system could use a specially crafted UDF image to crash the system. (CVE-2014-6410, Low)
* An information leak flaw in the way the Linux kernel handled media device enumerate entities IOCTL requests could allow a local user able to access the /dev/media0 device file to leak kernel memory bytes. (CVE-2014-1739, Low)
* An out-of-bounds read flaw in the Logitech Unifying receiver driver could allow an attacker with physical access to the system to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-3182, Low)
* Multiple out-of-bounds write flaws were found in the way the Cherry Cymotion keyboard driver, KYE/Genius device drivers, Logitech device drivers, Monterey Genius KB29E keyboard driver, Petalynx Maxter remote control driver, and Sunplus wireless desktop driver handled invalid HID reports. An attacker with physical access to the system could use any of these flaws to write data past an allocated memory buffer. (CVE-2014-3184, Low)
* An information leak flaw in the RAM Disks Memory Copy (rd_mcp) back end driver of the iSCSI Target subsystem could allow a privileged user to leak the contents of kernel memory to an iSCSI initiator remote client. (CVE-2014-4027, Low)
* An information leak flaw in the Linux kernel's ALSA implementation could allow a local, privileged user to leak kernel memory to user space. (CVE-2014-4652, Low) |