| Description: | The kernel packages contain the Linux kernel, the core of any Linuxoperating system.* It was found that the Linux kernel's ptrace subsystem allowed a tracedprocess' instruction pointer to be set to a non-canonical memory addresswithout forcing the non-sysret code path when returning to user space.A local, unprivileged user could use this flaw to crash the system or,potentially, escalate their privileges on the system. (CVE-2014-4699,Important)Note: The CVE-2014-4699 issue only affected systems using an Intel CPU.* A flaw was found in the way the pppol2tp_setsockopt() andpppol2tp_getsockopt() functions in the Linux kernel's PPP over L2TPimplementation handled requests with a non-SOL_PPPOL2TP socket optionlevel. A local, unprivileged user could use this flaw to escalate theirprivileges on the system. (CVE-2014-4943, Important)Red Hat would like to thank Andy Lutomirski for reporting CVE-2014-4699,and Sasha Levin for reporting CVE-2014-4943.All kernel users are advised to upgrade to these updated packages, whichcontain backported patches to correct these issues. The system must berebooted for this update to take effect. |