Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.871239
Category:Red Hat Local Security Checks
Title:RedHat Update for kernel RHSA-2014:1167-01
Summary:The remote host is missing an update for the 'kernel'; package(s) announced via the referenced advisory.
Description:Summary:
The remote host is missing an update for the 'kernel'
package(s) announced via the referenced advisory.

Vulnerability Insight:
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* A flaw was found in the way the Linux kernel's futex subsystem handled
reference counting when requeuing futexes during futex_wait(). A local,
unprivileged user could use this flaw to zero out the reference counter of
an inode or an mm struct that backs up the memory area of the futex, which
could lead to a use-after-free flaw, resulting in a system crash or,
potentially, privilege escalation. (CVE-2014-0205, Important)

* A NULL pointer dereference flaw was found in the way the Linux kernel's
networking implementation handled logging while processing certain invalid
packets coming in via a VxLAN interface. A remote attacker could use this
flaw to crash the system by sending a specially crafted packet to such an
interface. (CVE-2014-3535, Important)

* An out-of-bounds memory access flaw was found in the Linux kernel's
system call auditing implementation. On a system with existing audit rules
defined, a local, unprivileged user could use this flaw to leak kernel
memory to user space or, potentially, crash the system. (CVE-2014-3917,
Moderate)

* An integer underflow flaw was found in the way the Linux kernel's Stream
Control Transmission Protocol (SCTP) implementation processed certain
COOKIE_ECHO packets. By sending a specially crafted SCTP packet, a remote
attacker could use this flaw to prevent legitimate connections to a
particular SCTP server socket to be made. (CVE-2014-4667, Moderate)

Red Hat would like to thank Gopal Reddy Kodudula of Nokia Siemens Networks
for reporting CVE-2014-4667. The security impact of the CVE-2014-0205 issue
was discovered by Mateusz Guzik of Red Hat.

This update also fixes several bugs. Documentation for these changes will
be available shortly from the Technical Notes document linked to in the
References section.

All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The system must be
rebooted for this update to take effect.

Affected Software/OS:
kernel on Red Hat Enterprise Linux Desktop (v. 6),
Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)

Solution:
Please Install the Updated Packages.

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2014-0205
RedHat Security Advisories: RHSA-2014:1365
http://rhn.redhat.com/errata/RHSA-2014-1365.html
RedHat Security Advisories: RHSA-2014:1763
http://rhn.redhat.com/errata/RHSA-2014-1763.html
Common Vulnerability Exposure (CVE) ID: CVE-2014-3535
BugTraq ID: 69721
http://www.securityfocus.com/bid/69721
Common Vulnerability Exposure (CVE) ID: CVE-2014-3917
http://article.gmane.org/gmane.linux.kernel/1713179
http://www.openwall.com/lists/oss-security/2014/05/29/5
RedHat Security Advisories: RHSA-2014:1143
http://rhn.redhat.com/errata/RHSA-2014-1143.html
RedHat Security Advisories: RHSA-2014:1281
http://rhn.redhat.com/errata/RHSA-2014-1281.html
http://secunia.com/advisories/59777
http://secunia.com/advisories/60011
http://secunia.com/advisories/60564
SuSE Security Announcement: SUSE-SU-2015:0812 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html
http://www.ubuntu.com/usn/USN-2334-1
http://www.ubuntu.com/usn/USN-2335-1
Common Vulnerability Exposure (CVE) ID: CVE-2014-4667
BugTraq ID: 68224
http://www.securityfocus.com/bid/68224
Debian Security Information: DSA-2992 (Google Search)
http://www.debian.org/security/2014/dsa-2992
http://www.openwall.com/lists/oss-security/2014/06/27/11
http://secunia.com/advisories/59790
http://secunia.com/advisories/60596
SuSE Security Announcement: SUSE-SU-2014:1316 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html
SuSE Security Announcement: SUSE-SU-2014:1319 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html
CopyrightCopyright (C) 2014 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.