First published: Thu Jun 19 2014

The kernel packages contain the Linux kernel, the core of any Linux operating system.

* A flaw was found in the way the Linux kernel's floppy driver handled user space provided data in certain error code paths while processing FDRAWCMD IOCTL commands. A local user with write access to /dev/fdX could use this flaw to free (using the kfree() function) arbitrary kernel memory. (CVE-2014-1737, Important)

* It was found that the Linux kernel's floppy driver leaked internal kernel memory addresses to user space during the processing of the FDRAWCMD IOCTL command. A local user with write access to /dev/fdX could use this flaw to obtain information about the kernel heap arrangement. (CVE-2014-1738, Low)

Note: A local user with write access to /dev/fdX could use these two flaws (CVE-2014-1737 in combination with CVE-2014-1738) to escalate their privileges on the system.

* A flaw was found in the way the Linux kernel's TCP/IP protocol suite implementation handled TCP packets with both the SYN and FIN flags set. A remote attacker could use this flaw to consume an excessive amount of resources on the target system, potentially resulting in a denial of service. (CVE-2012-6638, Moderate)

Red Hat would like to thank Matthew Daley for reporting CVE-2014-1737 and CVE-2014-1738.

This update also fixes the following bugs:

* While under heavy load, some Fibre Channel storage devices, such as Hitachi and HP Open-V series, can send a logout (LOGO) message to the host system. However, due to a bug in the lpfc driver, this could result in a loss of active paths to the storage and the paths could not be recovered without manual intervention. This update corrects the lpfc driver to ensure automatic recovery of the lost paths to the storage in this scenario. (BZ#1096060)

* A bug in the futex system call could result in an overflow when passing a very large positive timeout. As a consequence, the FUTEX_WAIT operation did not work as intended and the system call was timing out immediately. A backported patch fixes this bug by limiting very large positive timeouts to the maximal supported value. (BZ#1091831)

All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

Affected Software | Affected Version | How to fix |
---|---|---|
redhat/kernel | <2.6.18-348.27.1.el5 | 2.6.18-348.27.1.el5 |
redhat/kernel-debug | <2.6.18-348.27.1.el5 | 2.6.18-348.27.1.el5 |
redhat/kernel-debug-debuginfo | <2.6.18-348.27.1.el5 | 2.6.18-348.27.1.el5 |
redhat/kernel-debug-devel | <2.6.18-348.27.1.el5 | 2.6.18-348.27.1.el5 |
redhat/kernel-debuginfo | <2.6.18-348.27.1.el5 | 2.6.18-348.27.1.el5 |
redhat/kernel-debuginfo-common | <2.6.18-348.27.1.el5 | 2.6.18-348.27.1.el5 |
redhat/kernel-devel | <2.6.18-348.27.1.el5 | 2.6.18-348.27.1.el5 |
redhat/kernel-doc | <2.6.18-348.27.1.el5 | 2.6.18-348.27.1.el5 |
redhat/kernel-headers | <2.6.18-348.27.1.el5 | 2.6.18-348.27.1.el5 |
redhat/kernel-xen | <2.6.18-348.27.1.el5 | 2.6.18-348.27.1.el5 |
redhat/kernel-xen-debuginfo | <2.6.18-348.27.1.el5 | 2.6.18-348.27.1.el5 |
redhat/kernel-xen-devel | <2.6.18-348.27.1.el5 | 2.6.18-348.27.1.el5 |
redhat/kernel-kdump | <2.6.18-348.27.1.el5 | 2.6.18-348.27.1.el5 |
redhat/kernel-kdump-debuginfo | <2.6.18-348.27.1.el5 | 2.6.18-348.27.1.el5 |
redhat/kernel-kdump-devel | <2.6.18-348.27.1.el5 | 2.6.18-348.27.1.el5 |
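
Because the fix only takes effect after a reboot, a host can have the fixed package installed and still be running a vulnerable kernel. The following added example (not part of Red Hat's advisory) compares installed and running kernel version-release strings against the fixed version from the table, using a simplified rpmvercmp-style comparison. The host names and inventory are constructed, and the running value is assumed to be `uname -r` output with any kernel flavour suffix already removed.

```python
import re
from functools import cmp_to_key

FIXED = "2.6.18-348.27.1.el5"  # fixed version-release from the table above

def _segments(part):
    # rpmvercmp-style: runs of digits or letters; separators are dropped
    return re.findall(r"\d+|[A-Za-z]+", part)

def _cmp_part(a, b):
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # numeric compare, so 9 < 27
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment beats an alpha one
        if x != y:
            return -1 if x < y else 1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # more segments is newer

def compare_vr(a, b):
    """Compare two 'version-release' strings; returns -1, 0 or 1."""
    va, _, ra = a.partition("-")
    vb, _, rb = b.partition("-")
    return _cmp_part(va, vb) or _cmp_part(ra, rb)

def assess(installed, running):
    """installed: version-release of every installed kernel package;
    running: version-release of the booted kernel."""
    newest = max(installed, key=cmp_to_key(compare_vr))
    if compare_vr(newest, FIXED) < 0:
        return "update needed"
    if compare_vr(running, FIXED) < 0:
        return "reboot pending"
    return "patched"

# Constructed inventory (hypothetical hosts), as gathered with
#   rpm -q --qf '%{VERSION}-%{RELEASE}\n' kernel   and   uname -r
INVENTORY = {
    "db01": (["2.6.18-348.9.1.el5", "2.6.18-348.18.1.el5"], "2.6.18-348.18.1.el5"),
    "web01": (["2.6.18-348.el5", "2.6.18-348.27.1.el5"], "2.6.18-348.el5"),
    "app01": (["2.6.18-348.27.1.el5", "2.6.18-371.el5"], "2.6.18-371.el5"),
}

if __name__ == "__main__":
    for host, (installed, running) in sorted(INVENTORY.items()):
        print(host, assess(installed, running))
```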