| Description: | The kernel packages contain the Linux kernel, the core of any Linuxoperating system.* A NULL pointer dereference flaw was found in the way the Linux kernel'sStream Control Transmission Protocol (SCTP) implementation handledsimultaneous connections between the same hosts. A remote attacker coulduse this flaw to crash the system. (CVE-2014-5077, Important)* An integer overflow flaw was found in the way the Linux kernel's FrameBuffer device implementation mapped kernel memory to user space via themmap syscall. A local user able to access a frame buffer device file(/dev/fb*) could possibly use this flaw to escalate their privileges on thesystem. (CVE-2013-2596, Important)* A flaw was found in the way the ipc_rcu_putref() function in the Linuxkernel's IPC implementation handled reference counter decrementing.A local, unprivileged user could use this flaw to trigger an Out of Memory(OOM) condition and, potentially, crash the system. (CVE-2013-4483,Moderate)* It was found that the permission checks performed by the Linux kernelwhen a netlink message was received were not sufficient. A local,unprivileged user could potentially bypass these restrictions by passing anetlink socket as stdout or stderr to a more privileged process andaltering the output of this process. (CVE-2014-0181, Moderate)* It was found that the try_to_unmap_cluster() function in the Linuxkernel's Memory Managment subsystem did not properly handle page locking incertain cases, which could potentially trigger the BUG_ON() macro in themlock_vma_page() function. A local, unprivileged user could use this flawto crash the system. (CVE-2014-3122, Moderate)* A flaw was found in the way the Linux kernel's kvm_iommu_map_pages()function handled IOMMU mapping failures. A privileged user in a guest withan assigned host device could use this flaw to crash the host.(CVE-2014-3601, Moderate)* Multiple use-after-free flaws were found in the way the Linux kernel'sAdvanced Linux Sound Architecture (ALSA) implementation handled usercontrols. A local, privileged user could use either of these flaws to crashthe system. (CVE-2014-4653, CVE-2014-4654, CVE-2014-4655, Moderate)* A flaw was found in the way the Linux kernel's VFS subsystem handledreference counting when performing unmount operations on symbolic links.A local, unprivileged user could use this flaw to exhaust all availablememory on the system or, potentially, trigger a use-after-free error,resulting in a system crash or privilege escalation. (CVE-2014-5045,Moderate)* An integer overflow flaw was found in the way the lzo1x_decompress_safe()function of the Linux kernel's LZO implementation processed Literal Runs.A local attacker could, in extremely rare cases, use this flaw to crash thesystem or, potentially, escalate their privileges on the system.(CVE-2014-4608, Low)Red Hat would like to thank Vladimir Davydov of Parallels for reportingCVE-2013-4483, Jack Morgenstein of Mellanox for reporting CVE-2014-3601,Vasily Averin of Parallels for reporting CVE-2014-5045, and Don A.Bailey from Lab Mouse Security for reporting CVE-2014-4608. The securityimpact of the CVE-2014-3601 issue was discovered by Michael Tsirkin ofRed Hat.This update also fixes several hundred bugs and adds numerous enhancements.Refer to the Red Hat Enterprise Linux 6.6 Release Notes for information onthe most significant of these changes, and the Technical Notes for furtherinformation, both linked to in the References.All Red Hat Enterprise Linux 6 users are advised to install these updatedpackages, which correct these issues, and fix the bugs and add theenhancements noted in the Red Hat Enterprise Linux 6.6 Release Notes andTechnical Notes. The system must be rebooted for this update totake effect. |