RHSA-2015:0803: Important: kernel security and bug fix update

First published: Tue Apr 14 2015(Updated: )

The kernel packages contain the Linux kernel, the core of any Linux<br>operating system.<br><li> It was found that the Linux kernel's Infiniband subsystem did not</li> properly sanitize input parameters while registering memory regions from<br>user space via the (u)verbs API. A local user with access to a<br>/dev/infiniband/uverbsX device could use this flaw to crash the system or,<br>potentially, escalate their privileges on the system. (CVE-2014-8159,<br>Important)<br><li> An integer overflow flaw was found in the way the Linux kernel's Frame</li> Buffer device implementation mapped kernel memory to user space via the<br>mmap syscall. A local user able to access a frame buffer device file<br>(/dev/fb*) could possibly use this flaw to escalate their privileges on the<br>system. (CVE-2013-2596, Important)<br><li> It was found that the parse_rock_ridge_inode_internal() function of the</li> Linux kernel's ISOFS implementation did not correctly check relocated<br>directories when processing Rock Ridge child link (CL) tags. An attacker<br>with physical access to the system could use a specially crafted ISO image<br>to crash the system or, potentially, escalate their privileges on the<br>system. (CVE-2014-5471, CVE-2014-5472, Low)<br>Red Hat would like to thank Mellanox for reporting the CVE-2014-8159 issue.<br>This update also fixes the following bugs:<br><li> The kernel could sometimes panic due to a possible division by zero in</li> the kernel scheduler. This bug has been fixed by defining a new div64_ul()<br>division function and correcting the affected calculation in the<br>proc_sched_show_task() function. (BZ#1199898)<br><li> When repeating a Coordinated Universal Time (UTC) value during a leap</li> second (when the UTC time should be 23:59:60), the International Atomic<br>Time (TAI) timescale previously stopped as the kernel NTP code incremented<br>the TAI offset one second too late. A patch has been provided, which fixes<br>the bug by incrementing the offset during the leap second itself. Now, the<br>correct TAI is set during the leap second. (BZ#1201672)<br>All kernel users are advised to upgrade to these updated packages, which<br>contain backported patches to correct these issues. The system must be<br>rebooted for this update to take effect.<br>

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• agent/description
• agent/event
• agent/first-publish-date
• agent/last-modified-date
• agent/references
• agent/remedy
• agent/severity
• agent/softwarecombine
• agent/tags
• agent/title
• agent/type
• agent/weakness
• collector/redhat-errata
• anchor-id/RHSA-2015:0803
• package-manager/redhat