-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: kernel security, bug fix, and enhancement update Advisory ID: RHSA-2015:1272-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1272.html Issue date: 2015-07-22 Updated on: 2015-01-12 CVE Names: CVE-2014-3184 CVE-2014-3940 CVE-2014-4652 CVE-2014-8133 CVE-2014-8709 CVE-2014-9683 CVE-2015-0239 CVE-2015-3339 ===================================================================== 1. Summary: Updated kernel packages that fix multiple security issues, address several hundred bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 6. This is the seventh regular update. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way Linux kernel's Transparent Huge Pages (THP) implementation handled non-huge page migration. A local, unprivileged user could use this flaw to crash the kernel by migrating transparent hugepages. (CVE-2014-3940, Moderate) * A buffer overflow flaw was found in the way the Linux kernel's eCryptfs implementation decoded encrypted file names. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-9683, Moderate) * A race condition flaw was found between the chown and execve system calls. When changing the owner of a setuid user binary to root, the race condition could momentarily make the binary setuid root. A local, unprivileged user could potentially use this flaw to escalate their privileges on the system. (CVE-2015-3339, Moderate) * Multiple out-of-bounds write flaws were found in the way the Cherry Cymotion keyboard driver, KYE/Genius device drivers, Logitech device drivers, Monterey Genius KB29E keyboard driver, Petalynx Maxter remote control driver, and Sunplus wireless desktop driver handled HID reports with an invalid report descriptor size. An attacker with physical access to the system could use either of these flaws to write data past an allocated memory buffer. (CVE-2014-3184, Low) * An information leak flaw was found in the way the Linux kernel's Advanced Linux Sound Architecture (ALSA) implementation handled access of the user control's state. A local, privileged user could use this flaw to leak kernel memory to user space. (CVE-2014-4652, Low) * It was found that the espfix functionality could be bypassed by installing a 16-bit RW data segment into GDT instead of LDT (which espfix checks), and using that segment on the stack. A local, unprivileged user could potentially use this flaw to leak kernel stack addresses. (CVE-2014-8133, Low) * An information leak flaw was found in the Linux kernel's IEEE 802.11 wireless networking implementation. When software encryption was used, a remote attacker could use this flaw to leak up to 8 bytes of plaintext. (CVE-2014-8709, Low) * It was found that the Linux kernel KVM subsystem's sysenter instruction emulation was not sufficient. An unprivileged guest user could use this flaw to escalate their privileges by tricking the hypervisor to emulate a SYSENTER instruction in 16-bit mode, if the guest OS did not initialize the SYSENTER model-specific registers (MSRs). Note: Certified guest operating systems for Red Hat Enterprise Linux with KVM do initialize the SYSENTER MSRs and are thus not vulnerable to this issue when running on a KVM hypervisor. (CVE-2015-0239, Low) Red Hat would like to thank Andy Lutomirski for reporting the CVE-2014-8133 issue, and Nadav Amit for reporting the CVE-2015-0239 issue. This update fixes several hundred bugs and adds numerous enhancements. Refer to the Red Hat Enterprise Linux 6.7 Release Notes for information on the most significant of these changes, and the following Knowledgebase article for further information: https://access.redhat.com/articles/1466073 All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements. The system must be rebooted for this update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 734360 - "opcontrol --deinit" cause kernel panic inside guest os. 840708 - misleading (typo) print for "max_report_luns" 986761 - guest kernel will print many "serial8250: too much work for irq3" when using kvm with isa-serial 1025868 - kernel panic when installing RHEL4 with Opteron G3 CPU model 1066702 - Hugepage allocations hang on numa nodes with insufficient memory 1104097 - CVE-2014-3940 Kernel: missing check during hugepage migration 1113406 - CVE-2014-4652 Kernel: ALSA: control: protect user controls against races & memory disclosure 1115545 - NFS4: remove incorrect "Lock reclaim failed!" warning when delegations are used 1116398 - RHEV-H crashes and reboots when ksmd (MOM) is enabled 1141391 - CVE-2014-3184 Kernel: HID: off by one error in various _report_fixup routines 1144128 - FUSE: Scheduling while atomic OOPSes when using inval_entry 1145751 - kvm_clock lacks protection against tsc going backwards 1150510 - kernel ignores ACPI memory devices (PNP0C80) present at boot time 1156661 - Kernel crash when unmounting Ext4 filesystem 1171317 - xfs may crash after unmount if a log write is delayed 1172797 - CVE-2014-8133 kernel: x86: espfix(64) bypass via set_thread_area and CLONE_SETTLS 1173580 - CVE-2014-8709 kernel: net: mac80211: plain text information leak 1183773 - clock_event_device:min_delta_ns can overflow and can never go down 1186448 - CVE-2015-0239 kernel: kvm: insufficient sysenter emulation when invoked from 16-bit code 1187940 - Regression: Loading memory mapped files does not use the optimal sized (large) I/O any more in kernel 2.6.32-504.3.3.el6.x86_64 1193830 - CVE-2014-9683 kernel: buffer overflow in eCryptfs 1196319 - Backport the dm-switch target to RHEL 6 1200541 - Reset socket ignored when socket state is LAST-ACK and connection state is SYN-SENT 1208065 - O_TRUNC ignored on NFS file with invalid cache entry 1214030 - CVE-2015-3339 kernel: race condition between chown() and execve() 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: kernel-2.6.32-573.el6.src.rpm i386: kernel-2.6.32-573.el6.i686.rpm kernel-debug-2.6.32-573.el6.i686.rpm kernel-debug-debuginfo-2.6.32-573.el6.i686.rpm kernel-debug-devel-2.6.32-573.el6.i686.rpm kernel-debuginfo-2.6.32-573.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-573.el6.i686.rpm kernel-devel-2.6.32-573.el6.i686.rpm kernel-headers-2.6.32-573.el6.i686.rpm perf-2.6.32-573.el6.i686.rpm perf-debuginfo-2.6.32-573.el6.i686.rpm python-perf-debuginfo-2.6.32-573.el6.i686.rpm noarch: kernel-abi-whitelists-2.6.32-573.el6.noarch.rpm kernel-doc-2.6.32-573.el6.noarch.rpm kernel-firmware-2.6.32-573.el6.noarch.rpm x86_64: kernel-2.6.32-573.el6.x86_64.rpm kernel-debug-2.6.32-573.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-573.el6.i686.rpm kernel-debug-debuginfo-2.6.32-573.el6.x86_64.rpm kernel-debug-devel-2.6.32-573.el6.i686.rpm kernel-debug-devel-2.6.32-573.el6.x86_64.rpm kernel-debuginfo-2.6.32-573.el6.i686.rpm kernel-debuginfo-2.6.32-573.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-573.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-573.el6.x86_64.rpm kernel-devel-2.6.32-573.el6.x86_64.rpm kernel-headers-2.6.32-573.el6.x86_64.rpm perf-2.6.32-573.el6.x86_64.rpm perf-debuginfo-2.6.32-573.el6.i686.rpm perf-debuginfo-2.6.32-573.el6.x86_64.rpm python-perf-debuginfo-2.6.32-573.el6.i686.rpm python-perf-debuginfo-2.6.32-573.el6.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): i386: kernel-debug-debuginfo-2.6.32-573.el6.i686.rpm kernel-debuginfo-2.6.32-573.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-573.el6.i686.rpm perf-debuginfo-2.6.32-573.el6.i686.rpm python-perf-2.6.32-573.el6.i686.rpm python-perf-debuginfo-2.6.32-573.el6.i686.rpm x86_64: kernel-debug-debuginfo-2.6.32-573.el6.x86_64.rpm kernel-debuginfo-2.6.32-573.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-573.el6.x86_64.rpm perf-debuginfo-2.6.32-573.el6.x86_64.rpm python-perf-2.6.32-573.el6.x86_64.rpm python-perf-debuginfo-2.6.32-573.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: kernel-2.6.32-573.el6.src.rpm noarch: kernel-abi-whitelists-2.6.32-573.el6.noarch.rpm kernel-doc-2.6.32-573.el6.noarch.rpm kernel-firmware-2.6.32-573.el6.noarch.rpm x86_64: kernel-2.6.32-573.el6.x86_64.rpm kernel-debug-2.6.32-573.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-573.el6.i686.rpm kernel-debug-debuginfo-2.6.32-573.el6.x86_64.rpm kernel-debug-devel-2.6.32-573.el6.i686.rpm kernel-debug-devel-2.6.32-573.el6.x86_64.rpm kernel-debuginfo-2.6.32-573.el6.i686.rpm kernel-debuginfo-2.6.32-573.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-573.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-573.el6.x86_64.rpm kernel-devel-2.6.32-573.el6.x86_64.rpm kernel-headers-2.6.32-573.el6.x86_64.rpm perf-2.6.32-573.el6.x86_64.rpm perf-debuginfo-2.6.32-573.el6.i686.rpm perf-debuginfo-2.6.32-573.el6.x86_64.rpm python-perf-debuginfo-2.6.32-573.el6.i686.rpm python-perf-debuginfo-2.6.32-573.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): x86_64: kernel-debug-debuginfo-2.6.32-573.el6.x86_64.rpm kernel-debuginfo-2.6.32-573.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-573.el6.x86_64.rpm perf-debuginfo-2.6.32-573.el6.x86_64.rpm python-perf-2.6.32-573.el6.x86_64.rpm python-perf-debuginfo-2.6.32-573.el6.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: kernel-2.6.32-573.el6.src.rpm i386: kernel-2.6.32-573.el6.i686.rpm kernel-debug-2.6.32-573.el6.i686.rpm kernel-debug-debuginfo-2.6.32-573.el6.i686.rpm kernel-debug-devel-2.6.32-573.el6.i686.rpm kernel-debuginfo-2.6.32-573.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-573.el6.i686.rpm kernel-devel-2.6.32-573.el6.i686.rpm kernel-headers-2.6.32-573.el6.i686.rpm perf-2.6.32-573.el6.i686.rpm perf-debuginfo-2.6.32-573.el6.i686.rpm python-perf-debuginfo-2.6.32-573.el6.i686.rpm noarch: kernel-abi-whitelists-2.6.32-573.el6.noarch.rpm kernel-doc-2.6.32-573.el6.noarch.rpm kernel-firmware-2.6.32-573.el6.noarch.rpm ppc64: kernel-2.6.32-573.el6.ppc64.rpm kernel-bootwrapper-2.6.32-573.el6.ppc64.rpm kernel-debug-2.6.32-573.el6.ppc64.rpm kernel-debug-debuginfo-2.6.32-573.el6.ppc64.rpm kernel-debug-devel-2.6.32-573.el6.ppc64.rpm kernel-debuginfo-2.6.32-573.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-573.el6.ppc64.rpm kernel-devel-2.6.32-573.el6.ppc64.rpm kernel-headers-2.6.32-573.el6.ppc64.rpm perf-2.6.32-573.el6.ppc64.rpm perf-debuginfo-2.6.32-573.el6.ppc64.rpm python-perf-debuginfo-2.6.32-573.el6.ppc64.rpm s390x: kernel-2.6.32-573.el6.s390x.rpm kernel-debug-2.6.32-573.el6.s390x.rpm kernel-debug-debuginfo-2.6.32-573.el6.s390x.rpm kernel-debug-devel-2.6.32-573.el6.s390x.rpm kernel-debuginfo-2.6.32-573.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-573.el6.s390x.rpm kernel-devel-2.6.32-573.el6.s390x.rpm kernel-headers-2.6.32-573.el6.s390x.rpm kernel-kdump-2.6.32-573.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-573.el6.s390x.rpm kernel-kdump-devel-2.6.32-573.el6.s390x.rpm perf-2.6.32-573.el6.s390x.rpm perf-debuginfo-2.6.32-573.el6.s390x.rpm python-perf-debuginfo-2.6.32-573.el6.s390x.rpm x86_64: kernel-2.6.32-573.el6.x86_64.rpm kernel-debug-2.6.32-573.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-573.el6.i686.rpm kernel-debug-debuginfo-2.6.32-573.el6.x86_64.rpm kernel-debug-devel-2.6.32-573.el6.i686.rpm kernel-debug-devel-2.6.32-573.el6.x86_64.rpm kernel-debuginfo-2.6.32-573.el6.i686.rpm kernel-debuginfo-2.6.32-573.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-573.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-573.el6.x86_64.rpm kernel-devel-2.6.32-573.el6.x86_64.rpm kernel-headers-2.6.32-573.el6.x86_64.rpm perf-2.6.32-573.el6.x86_64.rpm perf-debuginfo-2.6.32-573.el6.i686.rpm perf-debuginfo-2.6.32-573.el6.x86_64.rpm python-perf-debuginfo-2.6.32-573.el6.i686.rpm python-perf-debuginfo-2.6.32-573.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): i386: kernel-debug-debuginfo-2.6.32-573.el6.i686.rpm kernel-debuginfo-2.6.32-573.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-573.el6.i686.rpm perf-debuginfo-2.6.32-573.el6.i686.rpm python-perf-2.6.32-573.el6.i686.rpm python-perf-debuginfo-2.6.32-573.el6.i686.rpm ppc64: kernel-debug-debuginfo-2.6.32-573.el6.ppc64.rpm kernel-debuginfo-2.6.32-573.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-573.el6.ppc64.rpm perf-debuginfo-2.6.32-573.el6.ppc64.rpm python-perf-2.6.32-573.el6.ppc64.rpm python-perf-debuginfo-2.6.32-573.el6.ppc64.rpm s390x: kernel-debug-debuginfo-2.6.32-573.el6.s390x.rpm kernel-debuginfo-2.6.32-573.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-573.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-573.el6.s390x.rpm perf-debuginfo-2.6.32-573.el6.s390x.rpm python-perf-2.6.32-573.el6.s390x.rpm python-perf-debuginfo-2.6.32-573.el6.s390x.rpm x86_64: kernel-debug-debuginfo-2.6.32-573.el6.x86_64.rpm kernel-debuginfo-2.6.32-573.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-573.el6.x86_64.rpm perf-debuginfo-2.6.32-573.el6.x86_64.rpm python-perf-2.6.32-573.el6.x86_64.rpm python-perf-debuginfo-2.6.32-573.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: kernel-2.6.32-573.el6.src.rpm i386: kernel-2.6.32-573.el6.i686.rpm kernel-debug-2.6.32-573.el6.i686.rpm kernel-debug-debuginfo-2.6.32-573.el6.i686.rpm kernel-debug-devel-2.6.32-573.el6.i686.rpm kernel-debuginfo-2.6.32-573.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-573.el6.i686.rpm kernel-devel-2.6.32-573.el6.i686.rpm kernel-headers-2.6.32-573.el6.i686.rpm perf-2.6.32-573.el6.i686.rpm perf-debuginfo-2.6.32-573.el6.i686.rpm python-perf-debuginfo-2.6.32-573.el6.i686.rpm noarch: kernel-abi-whitelists-2.6.32-573.el6.noarch.rpm kernel-doc-2.6.32-573.el6.noarch.rpm kernel-firmware-2.6.32-573.el6.noarch.rpm x86_64: kernel-2.6.32-573.el6.x86_64.rpm kernel-debug-2.6.32-573.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-573.el6.i686.rpm kernel-debug-debuginfo-2.6.32-573.el6.x86_64.rpm kernel-debug-devel-2.6.32-573.el6.i686.rpm kernel-debug-devel-2.6.32-573.el6.x86_64.rpm kernel-debuginfo-2.6.32-573.el6.i686.rpm kernel-debuginfo-2.6.32-573.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-573.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-573.el6.x86_64.rpm kernel-devel-2.6.32-573.el6.x86_64.rpm kernel-headers-2.6.32-573.el6.x86_64.rpm perf-2.6.32-573.el6.x86_64.rpm perf-debuginfo-2.6.32-573.el6.i686.rpm perf-debuginfo-2.6.32-573.el6.x86_64.rpm python-perf-debuginfo-2.6.32-573.el6.i686.rpm python-perf-debuginfo-2.6.32-573.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): i386: kernel-debug-debuginfo-2.6.32-573.el6.i686.rpm kernel-debuginfo-2.6.32-573.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-573.el6.i686.rpm perf-debuginfo-2.6.32-573.el6.i686.rpm python-perf-2.6.32-573.el6.i686.rpm python-perf-debuginfo-2.6.32-573.el6.i686.rpm x86_64: kernel-debug-debuginfo-2.6.32-573.el6.x86_64.rpm kernel-debuginfo-2.6.32-573.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-573.el6.x86_64.rpm perf-debuginfo-2.6.32-573.el6.x86_64.rpm python-perf-2.6.32-573.el6.x86_64.rpm python-perf-debuginfo-2.6.32-573.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2014-3184 https://access.redhat.com/security/cve/CVE-2014-3940 https://access.redhat.com/security/cve/CVE-2014-4652 https://access.redhat.com/security/cve/CVE-2014-8133 https://access.redhat.com/security/cve/CVE-2014-8709 https://access.redhat.com/security/cve/CVE-2014-9683 https://access.redhat.com/security/cve/CVE-2015-0239 https://access.redhat.com/security/cve/CVE-2015-3339 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/articles/1466073 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFVrzTRXlSAg2UNWIIRAuMoAKCdM22Fjbq4liPP0n4IrSdD0uZG/wCfcBZ7 AuD0gbXmegcZfF4suxZ4rwo= =XJDi -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce