Moderate CentOS kernel Security Update

Metadata

medium
6.2
kernel-2.6.32-573.el6.i686.rpm, kernel-2.6.32-573.el6.src.rpm, kernel-2.6.32-573.el6.x86_64.rpm, kernel-abi-whitelists-2.6.32-573.el6.noarch.rpm, kernel-debug-2.6.32-573.el6.i686.rpm, kernel-debug-2.6.32-573.el6.x86_64.rpm, kernel-debug-devel-2.6.32-573.el6.i686.rpm, kernel-debug-devel-2.6.32-573.el6.x86_64.rpm, kernel-devel-2.6.32-573.el6.i686.rpm, kernel-devel-2.6.32-573.el6.x86_64.rpm, kernel-doc-2.6.32-573.el6.noarch.rpm, kernel-firmware-2.6.32-573.el6.noarch.rpm, kernel-headers-2.6.32-573.el6.i686.rpm, kernel-headers-2.6.32-573.el6.x86_64.rpm, perf-2.6.32-573.el6.i686.rpm, perf-2.6.32-573.el6.x86_64.rpm, python-perf-2.6.32-573.el6.i686.rpm, python-perf-2.6.32-573.el6.x86_64.rpm
CVE-2014-3184, CVE-2014-3940, CVE-2014-4652, CVE-2014-8133, CVE-2014-8709, CVE-2014-9683, CVE-2015-0239, CVE-2015-3339
rhn.redhat.com, lists.centos.org
2015-07-26
2017-07-27 19:09
Important CentOS kernel Security Update
Important CentOS kernel Security Update
Important CentOS kernel Security Update
CVE-2014-4652 linux
CVE-2014-8133 linux
CVE-2014-3184 linux
CVE-2014-9683 linux
CVE-2014-8709 linux
CVE-2014-3940 linux
CVE-2015-0239 linux
CVE-2015-3339 linux
CVE-2014-8709
CVE-2014-3184
CVE-2015-3339
CVE-2014-3940
CVE-2015-0239
CVE-2014-9683
CVE-2014-4652
CVE-2014-8133
2017-04-01 19:09
2017-01-05 20:13

Description


Updated kernel packages that fix multiple security issues, address several
hundred bugs, and add numerous enhancements are now available as part of
the ongoing support and maintenance of Red Hat Enterprise Linux version 6.
This is the seventh regular update.

Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* A flaw was found in the way Linux kernel's Transparent Huge Pages (THP)
implementation handled non-huge page migration. A local, unprivileged user
could use this flaw to crash the kernel by migrating transparent hugepages.
(CVE-2014-3940, Moderate)

* A buffer overflow flaw was found in the way the Linux kernel's eCryptfs
implementation decoded encrypted file names. A local, unprivileged user
could use this flaw to crash the system or, potentially, escalate their
privileges on the system. (CVE-2014-9683, Moderate)

* A race condition flaw was found between the chown and execve system
calls. When changing the owner of a setuid user binary to root, the race
condition could momentarily make the binary setuid root. A local,
unprivileged user could potentially use this flaw to escalate their
privileges on the system. (CVE-2015-3339, Moderate)

* Multiple out-of-bounds write flaws were found in the way the Cherry
Cymotion keyboard driver, KYE/Genius device drivers, Logitech device
drivers, Monterey Genius KB29E keyboard driver, Petalynx Maxter remote
control driver, and Sunplus wireless desktop driver handled HID reports
with an invalid report descriptor size. An attacker with physical access to
the system could use either of these flaws to write data past an allocated
memory buffer. (CVE-2014-3184, Low)

* An information leak flaw was found in the way the Linux kernel's Advanced
Linux Sound Architecture (ALSA) implementation handled access of the user
control's state. A local, privileged user could use this flaw to leak
kernel memory to user space. (CVE-2014-4652, Low)

* It was found that the espfix functionality could be bypassed by
installing a 16-bit RW data segment into GDT instead of LDT (which espfix
checks), and using that segment on the stack. A local, unprivileged user
could potentially use this flaw to leak kernel stack addresses.
(CVE-2014-8133, Low)

* An information leak flaw was found in the Linux kernel's IEEE 802.11
wireless networking implementation. When software encryption was used, a
remote attacker could use this flaw to leak up to 8 bytes of plaintext.
(CVE-2014-8709, Low)

* It was found that the Linux kernel KVM subsystem's sysenter instruction
emulation was not sufficient. An unprivileged guest user could use this
flaw to escalate their privileges by tricking the hypervisor to emulate a
SYSENTER instruction in 16-bit mode, if the guest OS did not initialize the
SYSENTER model-specific registers (MSRs). Note: Certified guest operating
systems for Red Hat Enterprise Linux with KVM do initialize the SYSENTER
MSRs and are thus not vulnerable to this issue when running on a KVM
hypervisor. (CVE-2015-0239, Low)

Red Hat would like to thank Andy Lutomirski for reporting the CVE-2014-8133
issue, and Nadav Amit for reporting the CVE-2015-0239 issue.

This update fixes several hundred bugs and adds numerous enhancements.
Refer to the Red Hat Enterprise Linux 6.7 Release Notes for information on
the most significant of these changes, and the following Knowledgebase
article for further information:

https://access.redhat.com/articles/1466073

All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues and add these
enhancements. The system must be rebooted for this update to take effect.
Please see https://www.redhat.com/footer/terms-of-use.html

Am I vulnerable?

The constraints below list the versions that this vulnerability is patched in, and versions that are unaffected. If a patch is ready but unrealeased, then it is pending.

Or, you can just let us figure it out for you! Appcanary continously monitor your installed packages, and tell you if any of them are vulnerable.

Sign up for monitoring

Affected package information

Release Package Patched in
6 kernel kernel-2.6.32-573.el6.i686.rpm
kernel kernel-2.6.32-573.el6.src.rpm
kernel kernel-2.6.32-573.el6.x86_64.rpm
kernel-abi-whitelists kernel-abi-whitelists-2.6.32-573.el6.noarch.rpm
kernel-debug kernel-debug-2.6.32-573.el6.i686.rpm
kernel-debug kernel-debug-2.6.32-573.el6.x86_64.rpm
kernel-debug-devel kernel-debug-devel-2.6.32-573.el6.i686.rpm
kernel-debug-devel kernel-debug-devel-2.6.32-573.el6.x86_64.rpm
kernel-devel kernel-devel-2.6.32-573.el6.i686.rpm
kernel-devel kernel-devel-2.6.32-573.el6.x86_64.rpm
kernel-doc kernel-doc-2.6.32-573.el6.noarch.rpm
kernel-firmware kernel-firmware-2.6.32-573.el6.noarch.rpm
kernel-headers kernel-headers-2.6.32-573.el6.i686.rpm
kernel-headers kernel-headers-2.6.32-573.el6.x86_64.rpm
perf perf-2.6.32-573.el6.i686.rpm
perf perf-2.6.32-573.el6.x86_64.rpm
python-perf python-perf-2.6.32-573.el6.i686.rpm
python-perf python-perf-2.6.32-573.el6.x86_64.rpm