Oval Definition:oval:org.mitre.oval:def:24219
Revision Date:2014-05-12Version:20
Title:RHSA-2014:0328: kernel security and bug fix update (Important)
Description:The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an SCTP handshake with a modified INIT chunk and a crafted AUTH chunk before a COOKIE_ECHO chunk.
Family:unixClass:patch
Status:ACCEPTEDReference(s):CESA-2014:0328
CVE-2013-1860
CVE-2014-0055
CVE-2014-0069
CVE-2014-0101
RHSA-2014:0328-01
Platform(s):CentOS Linux 6
Red Hat Enterprise Linux 6
Product(s):kernel
Definition Synopsis
  • Redhat 6 or Centos 6 release
  • The operating system installed on the system is Red Hat Enterprise Linux 6
  • OR The operating system installed on the system is CentOS Linux 6.x
  • AND Packages section
  • kernel-debug-devel is earlier than 0:2.6.32-431.11.2.el6
  • OR kernel-headers is earlier than 0:2.6.32-431.11.2.el6
  • OR kernel-doc is earlier than 0:2.6.32-431.11.2.el6
  • OR perf is earlier than 0:2.6.32-431.11.2.el6
  • OR kernel-bootwrapper is earlier than 0:2.6.32-431.11.2.el6
  • OR kernel-debug is earlier than 0:2.6.32-431.11.2.el6
  • OR kernel-firmware is earlier than 0:2.6.32-431.11.2.el6
  • OR kernel-devel is earlier than 0:2.6.32-431.11.2.el6
  • OR kernel-kdump is earlier than 0:2.6.32-431.11.2.el6
  • OR python-perf is earlier than 0:2.6.32-431.11.2.el6
  • OR kernel is earlier than 0:2.6.32-431.11.2.el6
  • OR kernel-abi-whitelists is earlier than 0:2.6.32-431.11.2.el6
  • OR kernel-kdump-devel is earlier than 0:2.6.32-431.11.2.el6
    • BACK