- Issued:
- 2015-07-22
- Updated:
- 2015-07-22
RHSA-2015:1272 - Moderate: kernel security, bug fix, and enhancement update
Synopsis
Moderate: kernel security, bug fix, and enhancement update
Type/Severity
Security Advisory Moderate
Topic
Updated kernel packages that fix multiple security issues, address several hundred bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 6. This is the seventh regular update.
Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.
-
A flaw was found in the way Linux kernel's Transparent Huge Pages (THP) implementation handled non-huge page migration. A local, unprivileged user could use this flaw to crash the kernel by migrating transparent hugepages. (CVE-2014-3940, Moderate)
-
A buffer overflow flaw was found in the way the Linux kernel's eCryptfs implementation decoded encrypted file names. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-9683, Moderate)
-
A race condition flaw was found between the chown and execve system calls. When changing the owner of a setuid user binary to root, the race condition could momentarily make the binary setuid root. A local, unprivileged user could potentially use this flaw to escalate their privileges on the system. (CVE-2015-3339, Moderate)
-
Multiple out-of-bounds write flaws were found in the way the Cherry Cymotion keyboard driver, KYE/Genius device drivers, Logitech device drivers, Monterey Genius KB29E keyboard driver, Petalynx Maxter remote control driver, and Sunplus wireless desktop driver handled HID reports with an invalid report descriptor size. An attacker with physical access to the system could use either of these flaws to write data past an allocated memory buffer. (CVE-2014-3184, Low)
-
An information leak flaw was found in the way the Linux kernel's Advanced Linux Sound Architecture (ALSA) implementation handled access of the user control's state. A local, privileged user could use this flaw to leak kernel memory to user space. (CVE-2014-4652, Low)
-
It was found that the espfix functionality could be bypassed by installing a 16-bit RW data segment into GDT instead of LDT (which espfix checks), and using that segment on the stack. A local, unprivileged user could potentially use this flaw to leak kernel stack addresses. (CVE-2014-8133, Low)
-
An information leak flaw was found in the Linux kernel's IEEE 802.11 wireless networking implementation. When software encryption was used, a remote attacker could use this flaw to leak up to 8 bytes of plaintext. (CVE-2014-8709, Low)
-
It was found that the Linux kernel KVM subsystem's sysenter instruction emulation was not sufficient. An unprivileged guest user could use this flaw to escalate their privileges by tricking the hypervisor to emulate a SYSENTER instruction in 16-bit mode, if the guest OS did not initialize the SYSENTER model-specific registers (MSRs). Note: Certified guest operating systems for Red Hat Enterprise Linux with KVM do initialize the SYSENTER MSRs and are thus not vulnerable to this issue when running on a KVM hypervisor. (CVE-2015-0239, Low)
Red Hat would like to thank Andy Lutomirski for reporting the CVE-2014-8133 issue, and Nadav Amit for reporting the CVE-2015-0239 issue.
This update fixes several hundred bugs and adds numerous enhancements. Refer to the Red Hat Enterprise Linux 6.7 Release Notes for information on the most significant of these changes, and the following Knowledgebase article for further information:
https://access.redhat.com/articles/1466073
All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements. The system must be rebooted for this update to take effect.
Solution
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
Affected Products
| Product | Version | Arch |
|---|---|---|
| Red Hat Enterprise Linux for Scientific Computing | 6 | x86_64 |
| Red Hat Enterprise Linux for Power, big endian | 6 | ppc64 |
| Red Hat Enterprise Linux for IBM z Systems | 6 | s390x |
| Red Hat Enterprise Linux Workstation | 6 | x86_64 |
| Red Hat Enterprise Linux Workstation | 6 | i386 |
| Red Hat Enterprise Linux Server | 6 | x86_64 |
| Red Hat Enterprise Linux Server | 6 | i386 |
| Red Hat Enterprise Linux Server from RHUI | 6 | x86_64 |
| Red Hat Enterprise Linux Server from RHUI | 6 | i386 |
| Red Hat Enterprise Linux Server - Retired Extended Life Cycle Support | 6 | x86_64 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support | 6 | x86_64 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support | 6 | i386 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension | 6 | x86_64 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension | 6 | i386 |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension (for IBM z Systems) | 6 | s390x |
| Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) | 6 | s390x |
| Red Hat Enterprise Linux Desktop | 6 | x86_64 |
| Red Hat Enterprise Linux Desktop | 6 | i386 |
Updated Packages
- python-perf-2.6.32-573.el6.i686.rpm
- kernel-debug-devel-2.6.32-573.el6.ppc64.rpm
- kernel-debuginfo-2.6.32-573.el6.s390x.rpm
- kernel-devel-2.6.32-573.el6.i686.rpm
- kernel-abi-whitelists-2.6.32-573.el6.noarch.rpm
- python-perf-debuginfo-2.6.32-573.el6.i686.rpm
- kernel-headers-2.6.32-573.el6.x86_64.rpm
- perf-debuginfo-2.6.32-573.el6.x86_64.rpm
- kernel-2.6.32-573.el6.x86_64.rpm
- perf-debuginfo-2.6.32-573.el6.ppc64.rpm
- kernel-debuginfo-2.6.32-573.el6.x86_64.rpm
- kernel-debuginfo-common-s390x-2.6.32-573.el6.s390x.rpm
- kernel-debug-2.6.32-573.el6.i686.rpm
- kernel-debug-2.6.32-573.el6.x86_64.rpm
- perf-2.6.32-573.el6.x86_64.rpm
- kernel-kdump-debuginfo-2.6.32-573.el6.s390x.rpm
- kernel-2.6.32-573.el6.s390x.rpm
- kernel-doc-2.6.32-573.el6.noarch.rpm
- kernel-debug-2.6.32-573.el6.ppc64.rpm
- kernel-debuginfo-common-ppc64-2.6.32-573.el6.ppc64.rpm
- kernel-debug-devel-2.6.32-573.el6.s390x.rpm
- kernel-2.6.32-573.el6.src.rpm
- python-perf-2.6.32-573.el6.x86_64.rpm
- kernel-debug-devel-2.6.32-573.el6.i686.rpm
- kernel-debug-debuginfo-2.6.32-573.el6.x86_64.rpm
- kernel-2.6.32-573.el6.i686.rpm
- perf-2.6.32-573.el6.ppc64.rpm
- perf-2.6.32-573.el6.s390x.rpm
- kernel-headers-2.6.32-573.el6.i686.rpm
- kernel-debuginfo-common-x86_64-2.6.32-573.el6.x86_64.rpm
- python-perf-2.6.32-573.el6.ppc64.rpm
- kernel-firmware-2.6.32-573.el6.noarch.rpm
- kernel-headers-2.6.32-573.el6.ppc64.rpm
- perf-debuginfo-2.6.32-573.el6.s390x.rpm
- kernel-kdump-devel-2.6.32-573.el6.s390x.rpm
- kernel-debug-2.6.32-573.el6.s390x.rpm
- kernel-devel-2.6.32-573.el6.s390x.rpm
- kernel-2.6.32-573.el6.ppc64.rpm
- kernel-devel-2.6.32-573.el6.ppc64.rpm
- kernel-kdump-2.6.32-573.el6.s390x.rpm
- python-perf-2.6.32-573.el6.s390x.rpm
- kernel-debuginfo-common-i686-2.6.32-573.el6.i686.rpm
- python-perf-debuginfo-2.6.32-573.el6.ppc64.rpm
- kernel-debuginfo-2.6.32-573.el6.ppc64.rpm
- python-perf-debuginfo-2.6.32-573.el6.x86_64.rpm
- perf-2.6.32-573.el6.i686.rpm
- kernel-debug-debuginfo-2.6.32-573.el6.i686.rpm
- kernel-headers-2.6.32-573.el6.s390x.rpm
- kernel-debug-debuginfo-2.6.32-573.el6.ppc64.rpm
- kernel-devel-2.6.32-573.el6.x86_64.rpm
- perf-debuginfo-2.6.32-573.el6.i686.rpm
- kernel-debug-devel-2.6.32-573.el6.x86_64.rpm
- kernel-debuginfo-2.6.32-573.el6.i686.rpm
- kernel-bootwrapper-2.6.32-573.el6.ppc64.rpm
- python-perf-debuginfo-2.6.32-573.el6.s390x.rpm
- kernel-debug-debuginfo-2.6.32-573.el6.s390x.rpm
Fixes
- This content is not included.BZ - 734360
- This content is not included.BZ - 840708
- This content is not included.BZ - 986761
- This content is not included.BZ - 1025868
- This content is not included.BZ - 1066702
- This content is not included.BZ - 1104097
- This content is not included.BZ - 1113406
- This content is not included.BZ - 1115545
- This content is not included.BZ - 1116398
- This content is not included.BZ - 1141391
- This content is not included.BZ - 1144128
- This content is not included.BZ - 1145751
- This content is not included.BZ - 1150510
- This content is not included.BZ - 1156661
- This content is not included.BZ - 1171317
- This content is not included.BZ - 1172797
- This content is not included.BZ - 1173580
- This content is not included.BZ - 1183773
- This content is not included.BZ - 1186448
- This content is not included.BZ - 1187940
- This content is not included.BZ - 1193830
- This content is not included.BZ - 1196319
- This content is not included.BZ - 1200541
- This content is not included.BZ - 1208065
- This content is not included.BZ - 1214030
CVEs
- CVE-2014-3940
- CVE-2014-4652
- CVE-2014-3184
- CVE-2014-8709
- CVE-2014-9683
- CVE-2014-8133
- CVE-2015-0239
- CVE-2015-3339
References
- https://access.redhat.com/security/updates/classification/#moderate
- https://access.redhat.com/articles/1466073
Additional information
- The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
- Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.