RHSA-2014:1997: Important: kernel security and bug fix update

First published: Tue Dec 16 2014(Updated: )

<li> A flaw was found in the way the Linux kernel handled GS segment register</li> base switching when recovering from a #SS (stack segment) fault on an<br>erroneous return to user space. A local, unprivileged user could use this<br>flaw to escalate their privileges on the system. (CVE-2014-9322, Important)<br><li> A flaw was found in the way the Linux kernel's SCTP implementation</li> handled malformed or duplicate Address Configuration Change Chunks<br>(ASCONF). A remote attacker could use either of these flaws to crash the<br>system. (CVE-2014-3673, CVE-2014-3687, Important)<br><li> A flaw was found in the way the Linux kernel's SCTP implementation</li> handled the association's output queue. A remote attacker could send<br>specially crafted packets that would cause the system to use an excessive<br>amount of memory, leading to a denial of service. (CVE-2014-3688,<br>Important)<br><li> A stack overflow flaw caused by infinite recursion was found in the way</li> the Linux kernel's UDF file system implementation processed indirect ICBs.<br>An attacker with physical access to the system could use a specially<br>crafted UDF image to crash the system. (CVE-2014-6410, Low)<br><li> It was found that the Linux kernel's networking implementation did not</li> correctly handle the setting of the keepalive socket option on raw sockets.<br>A local user able to create a raw socket could use this flaw to crash the<br>system. (CVE-2012-6657, Low)<br><li> It was found that the parse_rock_ridge_inode_internal() function of the</li> Linux kernel's ISOFS implementation did not correctly check relocated<br>directories when processing Rock Ridge child link (CL) tags. An attacker<br>with physical access to the system could use a specially crafted ISO image<br>to crash the system or, potentially, escalate their privileges on the<br>system. (CVE-2014-5471, CVE-2014-5472, Low)<br>Red Hat would like to thank Andy Lutomirski for reporting CVE-2014-9322.<br>The CVE-2014-3673 issue was discovered by Liu Wei of Red Hat.<br>Bug fixes:<br><li> This update fixes a race condition issue between the sock_queue_err_skb</li> function and sk_forward_alloc handling in the socket error queue<br>(MSG_ERRQUEUE), which could occasionally cause the kernel, for example when<br>using PTP, to incorrectly track allocated memory for the error queue, in<br>which case a traceback would occur in the system log. (BZ#1155427)<br><li> The zcrypt device driver did not detect certain crypto cards and the</li> related domains for crypto adapters on System z and s390x architectures.<br>Consequently, it was not possible to run the system on new crypto hardware.<br>This update enables toleration mode for such devices so that the system<br>can make use of newer crypto hardware. (BZ#1158311)<br><li> After mounting and unmounting an XFS file system several times</li> consecutively, the umount command occasionally became unresponsive.<br>This was caused by the xlog_cil_force_lsn() function that was not waiting<br>for completion as expected. With this update, xlog_cil_force_lsn() has been<br>modified to correctly wait for completion, thus fixing this bug.<br>(BZ#1158325)<br><li> When using the ixgbe adapter with disabled LRO and the tx-usec or rs-usec</li> variables set to 0, transmit interrupts could not be set lower than the<br>default of 8 buffered tx frames. Consequently, a delay of TCP transfer<br>occurred. The restriction of a minimum of 8 buffered frames has been<br>removed, and the TCP delay no longer occurs. (BZ#1158326)<br><li> The offb driver has been updated for the QEMU standard VGA adapter,</li> fixing an incorrect displaying of colors issue. (BZ#1158328)<br><li> Under certain circumstances, when a discovered MTU expired, the IPv6</li> connection became unavailable for a short period of time. This bug has been<br>fixed, and the connection now works as expected. (BZ#1161418)<br><li> A low throughput occurred when using the dm-thin driver to write to</li> unprovisioned or shared chunks for a thin pool with the chunk size bigger<br>than the max_sectors_kb variable. (BZ#1161420)<br><li> Large write workloads on thin LVs could cause the iozone and smallfile</li> utilities to terminate unexpectedly. (BZ#1161421)<br>

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• collector/redhat-errata
• anchor-id/RHSA-2014:1997
• agent/severity
• agent/tags
• agent/weakness
• agent/references
• agent/title
• agent/description
• agent/type
• agent/event
• agent/softwarecombine
• agent/first-publish-date
• agent/last-modified-date
• agent/remedy
• package-manager/redhat