First published: Tue Jun 10 2014
The kernel packages contain the Linux kernel, the core of any Linux operating system.

* A flaw was found in the way the Linux kernel's floppy driver handled user space provided data in certain error code paths while processing FDRAWCMD IOCTL commands. A local user with write access to /dev/fdX could use this flaw to free (using the kfree() function) arbitrary kernel memory. (CVE-2014-1737, Important)

* It was found that the Linux kernel's floppy driver leaked internal kernel memory addresses to user space during the processing of the FDRAWCMD IOCTL command. A local user with write access to /dev/fdX could use this flaw to obtain information about the kernel heap arrangement. (CVE-2014-1738, Low)

Note: A local user with write access to /dev/fdX could use these two flaws (CVE-2014-1737 in combination with CVE-2014-1738) to escalate their privileges on the system.

* A NULL pointer dereference flaw was found in the rds_ib_laddr_check() function in the Linux kernel's implementation of Reliable Datagram Sockets (RDS). A local, unprivileged user could use this flaw to crash the system. (CVE-2013-7339, Moderate)

Red Hat would like to thank Matthew Daley for reporting CVE-2014-1737 and CVE-2014-1738.

This update also fixes the following bugs:

* A bug in the futex system call could result in an overflow when passing a very large positive timeout. As a consequence, the FUTEX_WAIT operation did not work as intended and the system call timed out immediately. A backported patch fixes this bug by limiting very large positive timeouts to the maximal supported value. (BZ#1091832)

* A new Linux Security Module (LSM) functionality related to the setrlimit hooks should produce a warning message when used by a third party module that could not cope with it. However, due to a programming error, the kernel could print this warning message when a process was setting rlimits for a different process, or if rlimits were modified by a thread other than the main thread, even though there was no incompatible third party module. This update fixes the relevant code and ensures that the kernel handles this warning message correctly. (BZ#1092869)

* Previously, the kernel was unable to detect KVM on system boot if the Hyper-V emulation was enabled. A patch has been applied to ensure that both KVM and Hyper-V hypervisors are now correctly detected during system boot. (BZ#1094152)

* A function in the RPC code responsible for verifying whether cached credentials match the current process did not perform the check correctly. The code checked only whether the groups in the current process credentials appear in the same order as in the cached credentials but did not ensure that no other groups are present in the cached credentials. As a consequence, when accessing files in NFS mounts, a process with the same UID and GID as the original process but with a non-matching group list could have been granted unauthorized access to a file, or under certain circumstances, the process could have been wrongly prevented from accessing the file. The incorrect test condition has been fixed and the problem can no longer occur. (BZ#1095062)

* When under heavy load, some Fibre Channel storage devices, such as Hitachi and HP Open-V series, can send a logout (LOGO) message to the host system. However, due to a bug in the lpfc driver, this could result in a loss of active paths to the storage and the paths could not be recovered without manual intervention. This update corrects the lpfc driver to ensure automatic recovery of the lost paths to the storage in this scenario. (BZ#1096061)

All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

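The RPC credential-matching bug (BZ#1095062) described above, modelled as an added example; this is not the kernel's code or Red Hat's patch. The struct layouts, the names `match_flawed` and `match_fixed`, `MAX_GROUPS` and the `NO_GROUP` terminator are assumptions made for illustration, and the sample credentials are constructed.

```c
#include <stddef.h>
#include <stdio.h>

#define MAX_GROUPS 16             /* slots in a cached credential (assumed) */
#define NO_GROUP   ((unsigned)-1) /* ends a cached group list (assumed) */

struct cached_cred {              /* simplified model, not the kernel struct */
    unsigned uid, gid;
    unsigned gids[MAX_GROUPS];    /* NO_GROUP-terminated unless full */
};
struct proc_cred {                /* credentials of the calling process */
    unsigned uid, gid;
    size_t ngroups;
    const unsigned *groups;
};

/* Flawed check as the advisory describes it: only the caller's groups are
 * walked, so extra groups in the cached entry are never noticed. */
int match_flawed(const struct cached_cred *c, const struct proc_cred *p)
{
    size_t n = p->ngroups > MAX_GROUPS ? MAX_GROUPS : p->ngroups;
    if (c->uid != p->uid || c->gid != p->gid)
        return 0;
    for (size_t i = 0; i < n; i++)
        if (c->gids[i] != p->groups[i])
            return 0;
    return 1;
}

/* Corrected check: after the common prefix, the cached list must end too. */
int match_fixed(const struct cached_cred *c, const struct proc_cred *p)
{
    size_t n = p->ngroups > MAX_GROUPS ? MAX_GROUPS : p->ngroups;
    if (!match_flawed(c, p))
        return 0;
    return n == MAX_GROUPS || c->gids[n] == NO_GROUP;
}

/* Constructed data: entry cached for a process in groups 100, 200, 300;
 * a second process with the same UID/GID belongs to group 100 only. */
const struct cached_cred cache_entry = { 1000, 1000, { 100, 200, 300, NO_GROUP } };
const unsigned few[] = { 100 };
const unsigned same[] = { 100, 200, 300 };
const struct proc_cred fewer_groups = { 1000, 1000, 1, few };
const struct proc_cred owner = { 1000, 1000, 3, same };

int main(void)
{
    printf("fewer groups: flawed=%d fixed=%d\n",
           match_flawed(&cache_entry, &fewer_groups),
           match_fixed(&cache_entry, &fewer_groups));
}
```

With the flawed check, the process holding only group 100 reuses a cached credential that carries groups 200 and 300, which is the unauthorized NFS access the advisory describes; the corrected check rejects that match while still accepting the original owner.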
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/kernel | <2.6.18-371.9.1.el5 | 2.6.18-371.9.1.el5 |
redhat/kernel-debug | <2.6.18-371.9.1.el5 | 2.6.18-371.9.1.el5 |
redhat/kernel-debug-debuginfo | <2.6.18-371.9.1.el5 | 2.6.18-371.9.1.el5 |
redhat/kernel-debug-devel | <2.6.18-371.9.1.el5 | 2.6.18-371.9.1.el5 |
redhat/kernel-debuginfo | <2.6.18-371.9.1.el5 | 2.6.18-371.9.1.el5 |
redhat/kernel-debuginfo-common | <2.6.18-371.9.1.el5 | 2.6.18-371.9.1.el5 |
redhat/kernel-devel | <2.6.18-371.9.1.el5 | 2.6.18-371.9.1.el5 |
redhat/kernel-doc | <2.6.18-371.9.1.el5 | 2.6.18-371.9.1.el5 |
redhat/kernel-headers | <2.6.18-371.9.1.el5 | 2.6.18-371.9.1.el5 |
redhat/kernel-xen | <2.6.18-371.9.1.el5 | 2.6.18-371.9.1.el5 |
redhat/kernel-xen-debuginfo | <2.6.18-371.9.1.el5 | 2.6.18-371.9.1.el5 |
redhat/kernel-xen-devel | <2.6.18-371.9.1.el5 | 2.6.18-371.9.1.el5 |
redhat/kernel-kdump | <2.6.18-371.9.1.el5 | 2.6.18-371.9.1.el5 |
redhat/kernel-kdump-debuginfo | <2.6.18-371.9.1.el5 | 2.6.18-371.9.1.el5 |
redhat/kernel-kdump-devel | <2.6.18-371.9.1.el5 | 2.6.18-371.9.1.el5 |