RHSA-2015:1778: Important: kernel security and bug fix update

First published: Tue Sep 15 2015(Updated: )

The kernel packages contain the Linux kernel, the core of any Linux<br>operating system.<br><li> A flaw was found in the kernel's implementation of the Berkeley Packet</li> Filter (BPF). A local attacker could craft BPF code to crash the system by<br>creating a situation in which the JIT compiler would fail to correctly<br>optimize the JIT image on the last pass. This would lead to the CPU<br>executing instructions that were not part of the JIT code. (CVE-2015-4700,<br>Important)<br><li> Two flaws were found in the way the Linux kernel's networking</li> implementation handled UDP packets with incorrect checksum values. A remote<br>attacker could potentially use these flaws to trigger an infinite loop in<br>the kernel, resulting in a denial of service on the system, or cause a<br>denial of service in applications using the edge triggered epoll<br>functionality. (CVE-2015-5364, CVE-2015-5366, Important)<br><li> A flaw was found in the way the Linux kernel's ext4 file system handled</li> the "page size &gt; block size" condition when the fallocate zero range<br>functionality was used. A local attacker could use this flaw to crash the<br>system. (CVE-2015-0275, Moderate)<br><li> It was found that the Linux kernel's keyring implementation would leak</li> memory when adding a key to a keyring via the add_key() function. A local<br>attacker could use this flaw to exhaust all available memory on the system.<br>(CVE-2015-1333, Moderate)<br><li> A race condition flaw was found in the way the Linux kernel's SCTP</li> implementation handled Address Configuration lists when performing Address<br>Configuration Change (ASCONF). A local attacker could use this flaw to<br>crash the system via a race condition triggered by setting certain ASCONF<br>options on a socket. (CVE-2015-3212, Moderate)<br><li> An information leak flaw was found in the way the Linux kernel's Virtual</li> Dynamic Shared Object (vDSO) implementation performed address<br>randomization. A local, unprivileged user could use this flaw to leak<br>kernel memory addresses to user-space. (CVE-2014-9585, Low)<br>Red Hat would like to thank Daniel Borkmann for reporting CVE-2015-4700,<br>and Canonical for reporting the CVE-2015-1333 issue. The CVE-2015-0275<br>issue was discovered by Xiong Zhou of Red Hat, and the CVE-2015-3212 issue<br>was discovered by Ji Jianwen of Red Hat Engineering.<br>This update also fixes several bugs. Refer to the following Knowledgebase<br>article for further information:<br><a href="https://access.redhat.com/articles/1614563" target="_blank">https://access.redhat.com/articles/1614563</a> All kernel users are advised to upgrade to these updated packages, which<br>contain backported patches to correct these issues. The system must be<br>rebooted for this update to take effect.<br>

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• agent/description
• agent/event
• agent/first-publish-date
• agent/last-modified-date
• agent/references
• agent/remedy
• agent/severity
• agent/softwarecombine
• agent/tags
• agent/title
• agent/type
• agent/weakness
• collector/redhat-errata
• anchor-id/RHSA-2015:1778
• package-manager/redhat