exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Red Hat Security Advisory 2015-0290-01

Red Hat Security Advisory 2015-0290-01
Posted Mar 5, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0290-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's XFS file system handled replacing of remote attributes under certain conditions. A local user with access to XFS file system mount could potentially use this flaw to escalate their privileges on the system. It was found that the Linux kernel's KVM implementation did not ensure that the host CR4 control register value remained unchanged across VM entries on the same virtual CPU. A local, unprivileged user could use this flaw to cause denial of service on the system.

tags | advisory, remote, denial of service, kernel, local
systems | linux, redhat
advisories | CVE-2014-3690, CVE-2014-3940, CVE-2014-7825, CVE-2014-7826, CVE-2014-8086, CVE-2014-8160, CVE-2014-8172, CVE-2014-8173, CVE-2014-8709, CVE-2014-8884, CVE-2015-0274
SHA-256 | 1aebc78eb21f1a9fa9c0602f7e6c1ee22261ff3e5cb9a63185775754015e6f78

Red Hat Security Advisory 2015-0290-01

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security, bug fix, and enhancement update
Advisory ID: RHSA-2015:0290-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0290.html
Issue date: 2015-03-05
CVE Names: CVE-2014-3690 CVE-2014-3940 CVE-2014-7825
CVE-2014-7826 CVE-2014-8086 CVE-2014-8160
CVE-2014-8172 CVE-2014-8173 CVE-2014-8709
CVE-2014-8884 CVE-2015-0274
=====================================================================

1. Summary:

Updated kernel packages that fix multiple security issues, address several
hundred bugs, and add numerous enhancements are now available as part of
the ongoing support and maintenance of Red Hat Enterprise Linux version 7.
This is the first regular update.

Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* A flaw was found in the way the Linux kernel's XFS file system handled
replacing of remote attributes under certain conditions. A local user with
access to XFS file system mount could potentially use this flaw to escalate
their privileges on the system. (CVE-2015-0274, Important)

* It was found that the Linux kernel's KVM implementation did not ensure
that the host CR4 control register value remained unchanged across VM
entries on the same virtual CPU. A local, unprivileged user could use this
flaw to cause denial of service on the system. (CVE-2014-3690, Moderate)

* A flaw was found in the way Linux kernel's Transparent Huge Pages (THP)
implementation handled non-huge page migration. A local, unprivileged user
could use this flaw to crash the kernel by migrating transparent hugepages.
(CVE-2014-3940, Moderate)

* An out-of-bounds memory access flaw was found in the syscall tracing
functionality of the Linux kernel's perf subsystem. A local, unprivileged
user could use this flaw to crash the system. (CVE-2014-7825, Moderate)

* An out-of-bounds memory access flaw was found in the syscall tracing
functionality of the Linux kernel's ftrace subsystem. On a system with
ftrace syscall tracing enabled, a local, unprivileged user could use this
flaw to crash the system, or escalate their privileges. (CVE-2014-7826,
Moderate)

* A race condition flaw was found in the Linux kernel's ext4 file system
implementation that allowed a local, unprivileged user to crash the system
by simultaneously writing to a file and toggling the O_DIRECT flag using
fcntl(F_SETFL) on that file. (CVE-2014-8086, Moderate)

* A flaw was found in the way the Linux kernel's netfilter subsystem
handled generic protocol tracking. As demonstrated in the Stream Control
Transmission Protocol (SCTP) case, a remote attacker could use this flaw to
bypass intended iptables rule restrictions when the associated connection
tracking module was not loaded on the system. (CVE-2014-8160, Moderate)

* It was found that due to excessive files_lock locking, a soft lockup
could be triggered in the Linux kernel when performing asynchronous I/O
operations. A local, unprivileged user could use this flaw to crash the
system. (CVE-2014-8172, Moderate)

* A NULL pointer dereference flaw was found in the way the Linux kernel's
madvise MADV_WILLNEED functionality handled page table locking. A local,
unprivileged user could use this flaw to crash the system. (CVE-2014-8173,
Moderate)

* An information leak flaw was found in the Linux kernel's IEEE 802.11
wireless networking implementation. When software encryption was used, a
remote attacker could use this flaw to leak up to 8 bytes of plaintext.
(CVE-2014-8709, Low)

* A stack-based buffer overflow flaw was found in the TechnoTrend/Hauppauge
DEC USB device driver. A local user with write access to the corresponding
device could use this flaw to crash the kernel or, potentially, elevate
their privileges on the system. (CVE-2014-8884, Low)

Red Hat would like to thank Eric Windisch of the Docker project for
reporting CVE-2015-0274, Andy Lutomirski for reporting CVE-2014-3690, and
Robert Święcki for reporting CVE-2014-7825 and CVE-2014-7826.

This update also fixes several hundred bugs and adds numerous enhancements.
Refer to the Red Hat Enterprise Linux 7.1 Release Notes for information on
the most significant of these changes, and the following Knowledgebase
article for further information: https://access.redhat.com/articles/1352803

All Red Hat Enterprise Linux 7 users are advised to install these updated
packages, which correct these issues and add these enhancements. The system
must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

839966 - Trigger RHEL7 crash in guest domU, host don't generate core file
915335 - RFE: Multiple virtio-rng devices support
968147 - enable online multiple hot-added CPUs cause RHEL7.0 guest hang(soft lockup)
1043379 - guest screen fail to return back to the originally screen after resume from S3(still black screen)
1050834 - lockdep warning in flush_work() when hotunplugging a virtio-scsi disk (scsi-block + iscsi://)
1058608 - [RFE] btrfs-progs: btrfs resize doesn't support T/P/E suffix
1065474 - Size of external origin needs to be aligned with thin pool chunk size
1067126 - Virt-manager doesn't configure bridge for VM
1068627 - implement lazy save/restore of debug registers
1071340 - FCoE target: kernel panic when initiator connects to target
1074747 - kvm unit test "realmode" fails
1078775 - During query cpuinfo during guest boot from ipxe repeatedly in AMD hosts, vm repeatedly reboot.
1079841 - kvm unit test "debug" fails
1080894 - dm-cache: crash on creating cache
1083860 - kernel panic when virtscsi_init fails
1083969 - libguestfs-test-tool hangs when the guest is boot with -cpu host
1086058 - fail to boot L2 guest on wildcatpass Haswell host
1088784 - qemu ' KVM internal error. Suberror: 1' when query cpu frequently during pxe boot in Intel "Q95xx" host
1091818 - Windows guest booting failed with apicv and hv_vapic
1095099 - RHEL7.0 guest hang during kdump with qxl shared irq
1098643 - sync with latest upstream dm-thin provisioning improvements and fixes (through 3.15)
1102641 - BUG: It is not possible to communicate between local program and local ipv6 address when at least one 'netlabelctl unlbl' rule is added
1104097 - CVE-2014-3940 Kernel: missing check during hugepage migration
1115201 - [xfs] can't create inodes in newly added space after xfs_growfs
1117542 - Support for movntdq
1119662 - BUG: NetLabel lead to kernel panic on some SELinux levels
1120850 - unable recover NFSv3 locks NLM_DENIED_NOLOCK
1124880 - [fuse] java.io.FileNotFoundException (FNF) during time period with unrecovered disk errors
1127218 - Include fix commit daba287b299ec7a ("ipv4: fix DO and PROBE pmtu mode regarding local fragmentation with UFO/CORK")
1131552 - Solarflare devices do not provide PCIe ACS support, limiting device assignment use case due to IOMMU grouping
1141399 - Device 'vfio-pci' could not be initialized when passing through Intel 82599
1151353 - CVE-2014-8086 Kernel: fs: ext4 race condition
1153322 - CVE-2014-3690 kernel: kvm: vmx: invalid host cr4 handling across vm entries
1161565 - CVE-2014-7825 CVE-2014-7826 kernel: insufficient syscall number validation in perf and ftrace subsystems
1164266 - CVE-2014-8884 kernel: usb: buffer overflow in ttusb-dec
1173580 - CVE-2014-8709 kernel: net: mac80211: plain text information leak
1182059 - CVE-2014-8160 kernel: iptables restriction bypass if a protocol handler kernel module not loaded
1195248 - CVE-2015-0274 kernel: xfs: replacing remote attributes memory corruption
1198457 - CVE-2014-8173 kernel: NULL pointer dereference in madvise(MADV_WILLNEED) support
1198503 - CVE-2014-8172 kernel: soft lockup on aio

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
kernel-3.10.0-229.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-229.el7.noarch.rpm
kernel-doc-3.10.0-229.el7.noarch.rpm

x86_64:
kernel-3.10.0-229.el7.x86_64.rpm
kernel-debug-3.10.0-229.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-229.el7.x86_64.rpm
kernel-debug-devel-3.10.0-229.el7.x86_64.rpm
kernel-debuginfo-3.10.0-229.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-229.el7.x86_64.rpm
kernel-devel-3.10.0-229.el7.x86_64.rpm
kernel-headers-3.10.0-229.el7.x86_64.rpm
kernel-tools-3.10.0-229.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-229.el7.x86_64.rpm
kernel-tools-libs-3.10.0-229.el7.x86_64.rpm
perf-3.10.0-229.el7.x86_64.rpm
perf-debuginfo-3.10.0-229.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-229.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
kernel-debug-debuginfo-3.10.0-229.el7.x86_64.rpm
kernel-debuginfo-3.10.0-229.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-229.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-229.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-229.el7.x86_64.rpm
perf-debuginfo-3.10.0-229.el7.x86_64.rpm
python-perf-3.10.0-229.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-229.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
kernel-3.10.0-229.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-229.el7.noarch.rpm
kernel-doc-3.10.0-229.el7.noarch.rpm

x86_64:
kernel-3.10.0-229.el7.x86_64.rpm
kernel-debug-3.10.0-229.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-229.el7.x86_64.rpm
kernel-debug-devel-3.10.0-229.el7.x86_64.rpm
kernel-debuginfo-3.10.0-229.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-229.el7.x86_64.rpm
kernel-devel-3.10.0-229.el7.x86_64.rpm
kernel-headers-3.10.0-229.el7.x86_64.rpm
kernel-tools-3.10.0-229.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-229.el7.x86_64.rpm
kernel-tools-libs-3.10.0-229.el7.x86_64.rpm
perf-3.10.0-229.el7.x86_64.rpm
perf-debuginfo-3.10.0-229.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-229.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
kernel-debug-debuginfo-3.10.0-229.el7.x86_64.rpm
kernel-debuginfo-3.10.0-229.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-229.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-229.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-229.el7.x86_64.rpm
perf-debuginfo-3.10.0-229.el7.x86_64.rpm
python-perf-3.10.0-229.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-229.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
kernel-3.10.0-229.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-229.el7.noarch.rpm
kernel-doc-3.10.0-229.el7.noarch.rpm

ppc64:
kernel-3.10.0-229.el7.ppc64.rpm
kernel-bootwrapper-3.10.0-229.el7.ppc64.rpm
kernel-debug-3.10.0-229.el7.ppc64.rpm
kernel-debug-debuginfo-3.10.0-229.el7.ppc64.rpm
kernel-debug-devel-3.10.0-229.el7.ppc64.rpm
kernel-debuginfo-3.10.0-229.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-229.el7.ppc64.rpm
kernel-devel-3.10.0-229.el7.ppc64.rpm
kernel-headers-3.10.0-229.el7.ppc64.rpm
kernel-tools-3.10.0-229.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-229.el7.ppc64.rpm
kernel-tools-libs-3.10.0-229.el7.ppc64.rpm
perf-3.10.0-229.el7.ppc64.rpm
perf-debuginfo-3.10.0-229.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-229.el7.ppc64.rpm

s390x:
kernel-3.10.0-229.el7.s390x.rpm
kernel-debug-3.10.0-229.el7.s390x.rpm
kernel-debug-debuginfo-3.10.0-229.el7.s390x.rpm
kernel-debug-devel-3.10.0-229.el7.s390x.rpm
kernel-debuginfo-3.10.0-229.el7.s390x.rpm
kernel-debuginfo-common-s390x-3.10.0-229.el7.s390x.rpm
kernel-devel-3.10.0-229.el7.s390x.rpm
kernel-headers-3.10.0-229.el7.s390x.rpm
kernel-kdump-3.10.0-229.el7.s390x.rpm
kernel-kdump-debuginfo-3.10.0-229.el7.s390x.rpm
kernel-kdump-devel-3.10.0-229.el7.s390x.rpm
perf-3.10.0-229.el7.s390x.rpm
perf-debuginfo-3.10.0-229.el7.s390x.rpm
python-perf-debuginfo-3.10.0-229.el7.s390x.rpm

x86_64:
kernel-3.10.0-229.el7.x86_64.rpm
kernel-debug-3.10.0-229.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-229.el7.x86_64.rpm
kernel-debug-devel-3.10.0-229.el7.x86_64.rpm
kernel-debuginfo-3.10.0-229.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-229.el7.x86_64.rpm
kernel-devel-3.10.0-229.el7.x86_64.rpm
kernel-headers-3.10.0-229.el7.x86_64.rpm
kernel-tools-3.10.0-229.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-229.el7.x86_64.rpm
kernel-tools-libs-3.10.0-229.el7.x86_64.rpm
perf-3.10.0-229.el7.x86_64.rpm
perf-debuginfo-3.10.0-229.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-229.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
kernel-debug-debuginfo-3.10.0-229.el7.ppc64.rpm
kernel-debuginfo-3.10.0-229.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-229.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-229.el7.ppc64.rpm
kernel-tools-libs-devel-3.10.0-229.el7.ppc64.rpm
perf-debuginfo-3.10.0-229.el7.ppc64.rpm
python-perf-3.10.0-229.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-229.el7.ppc64.rpm

s390x:
kernel-debug-debuginfo-3.10.0-229.el7.s390x.rpm
kernel-debuginfo-3.10.0-229.el7.s390x.rpm
kernel-debuginfo-common-s390x-3.10.0-229.el7.s390x.rpm
kernel-kdump-debuginfo-3.10.0-229.el7.s390x.rpm
perf-debuginfo-3.10.0-229.el7.s390x.rpm
python-perf-3.10.0-229.el7.s390x.rpm
python-perf-debuginfo-3.10.0-229.el7.s390x.rpm

x86_64:
kernel-debug-debuginfo-3.10.0-229.el7.x86_64.rpm
kernel-debuginfo-3.10.0-229.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-229.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-229.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-229.el7.x86_64.rpm
perf-debuginfo-3.10.0-229.el7.x86_64.rpm
python-perf-3.10.0-229.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-229.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
kernel-3.10.0-229.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-229.el7.noarch.rpm
kernel-doc-3.10.0-229.el7.noarch.rpm

x86_64:
kernel-3.10.0-229.el7.x86_64.rpm
kernel-debug-3.10.0-229.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-229.el7.x86_64.rpm
kernel-debug-devel-3.10.0-229.el7.x86_64.rpm
kernel-debuginfo-3.10.0-229.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-229.el7.x86_64.rpm
kernel-devel-3.10.0-229.el7.x86_64.rpm
kernel-headers-3.10.0-229.el7.x86_64.rpm
kernel-tools-3.10.0-229.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-229.el7.x86_64.rpm
kernel-tools-libs-3.10.0-229.el7.x86_64.rpm
perf-3.10.0-229.el7.x86_64.rpm
perf-debuginfo-3.10.0-229.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-229.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
kernel-debug-debuginfo-3.10.0-229.el7.x86_64.rpm
kernel-debuginfo-3.10.0-229.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-229.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-229.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-229.el7.x86_64.rpm
perf-debuginfo-3.10.0-229.el7.x86_64.rpm
python-perf-3.10.0-229.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-229.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2014-3690
https://access.redhat.com/security/cve/CVE-2014-3940
https://access.redhat.com/security/cve/CVE-2014-7825
https://access.redhat.com/security/cve/CVE-2014-7826
https://access.redhat.com/security/cve/CVE-2014-8086
https://access.redhat.com/security/cve/CVE-2014-8160
https://access.redhat.com/security/cve/CVE-2014-8172
https://access.redhat.com/security/cve/CVE-2014-8173
https://access.redhat.com/security/cve/CVE-2014-8709
https://access.redhat.com/security/cve/CVE-2014-8884
https://access.redhat.com/security/cve/CVE-2015-0274
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/articles/1352803

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFU+GmuXlSAg2UNWIIRAsuVAJ0cw57y0gf8PHaHBm+h2iMw579L0QCgj2Yx
RbiWM5G7puiwtgziJ75pAwM=
=0gV7
-----END PGP SIGNATURE-----


--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close