RHSA-2014:0439: Important: kernel-rt security, bug fix, and enhancement update

First published: Mon Apr 28 2014(Updated: )

The kernel-rt packages contain the Linux kernel, the core of any Linux<br>operating system.<br><li> A denial of service flaw was found in the way the Linux kernel's IPv6</li> implementation processed IPv6 router advertisement (RA) packets.<br>An attacker able to send a large number of RA packets to a target system<br>could potentially use this flaw to crash the target system. (CVE-2014-2309,<br>Important)<br><li> A flaw was found in the way the Linux kernel's netfilter connection</li> tracking implementation for Datagram Congestion Control Protocol (DCCP)<br>packets used the skb_header_pointer() function. A remote attacker could use<br>this flaw to send a specially crafted DCCP packet to crash the system or,<br>potentially, escalate their privileges on the system. (CVE-2014-2523,<br>Important)<br><li> A flaw was found in the way the Linux kernel's CIFS implementation</li> handled uncached write operations with specially crafted iovec structures.<br>An unprivileged local user with access to a CIFS share could use this flaw<br>to crash the system, leak kernel memory, or, potentially, escalate their<br>privileges on the system. (CVE-2014-0069, Moderate)<br><li> A flaw was found in the way the Linux kernel handled pending Floating</li> Pointer Unit (FPU) exceptions during the switching of tasks. A local<br>attacker could use this flaw to terminate arbitrary processes on the<br>system, causing a denial of service, or, potentially, escalate their<br>privileges on the system. Note that this flaw only affected systems using<br>AMD CPUs on both 32-bit and 64-bit architectures. (CVE-2014-1438, Moderate)<br><li> It was found that certain protocol handlers in the Linux kernel's</li> networking implementation could set the addr_len value without initializing<br>the associated data structure. A local, unprivileged user could use this<br>flaw to leak kernel stack memory to user space using the recvmsg, recvfrom,<br>and recvmmsg system calls. (CVE-2013-7263, CVE-2013-7265, Low)<br><li> An information leak flaw was found in the Linux kernel's netfilter</li> connection tracking IRC NAT helper implementation that could allow a remote<br>attacker to disclose portions of kernel stack memory during IRC DCC (Direct<br>Client-to-Client) communication over NAT. (CVE-2014-1690, Low)<br><li> A denial of service flaw was discovered in the way the Linux kernel's</li> SELinux implementation handled files with an empty SELinux security<br>context. A local user who has the CAP_MAC_ADMIN capability could use this<br>flaw to crash the system. (CVE-2014-1874, Low)<br>Red Hat would like to thank Al Viro for reporting CVE-2014-0069.<br>The CVE-2014-1690 issue was discovered by Daniel Borkmann of Red Hat.<br>This update also fixes several bugs and adds multiple enhancements.<br>Documentation for these changes will be available shortly from the<br>Technical Notes document linked to in the References section.<br>Users are advised to upgrade to these updated packages, which upgrade the<br>kernel-rt kernel to version kernel-rt-3.10.33-rt32.33, correct these<br>issues, and fix the bugs and add the enhancements noted in the Red Hat<br>Enterprise MRG 2 Technical Notes. The system must be rebooted for this<br>update to take effect.<br>

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• collector/redhat-errata
• anchor-id/RHSA-2014:0439
• agent/description
• agent/event
• agent/first-publish-date
• agent/last-modified-date
• agent/references
• agent/remedy
• agent/severity
• agent/softwarecombine
• agent/tags
• agent/title
• agent/type
• package-manager/redhat