From: Bonnie King <bonniek-13hema8v3vg <at> public.gmane.org>
Subject: Security ERRATA Moderate: kernel on SL6.x i386/x86_64
Newsgroups: gmane.linux.scientific.errata
Date: Wednesday 17th July 2013 16:44:41 UTC (over 3 years ago)
Synopsis:          Moderate: kernel security and bug fix update
Advisory ID:       SLSA-2013:1051-1
Issue Date:        2013-07-16
CVE Numbers:       CVE-2013-0914
                   CVE-2013-1848
                   CVE-2013-2634
                   CVE-2013-2635
                   CVE-2013-3222
                   CVE-2013-3224
                   CVE-2013-3225
                   CVE-2012-6548
                   CVE-2013-3301
                   CVE-2013-2128
                   CVE-2013-2852
--

This update fixes the following security issues:

* A flaw was found in the tcp_read_sock() function in the Linux kernel's
IPv4 TCP/IP protocol suite implementation in the way socket buffers (skb)
were handled. A local, unprivileged user could trigger this issue via a
call to splice(), leading to a denial of service. (CVE-2013-2128,
Moderate)

* Information leak flaws in the Linux kernel could allow a local,
unprivileged user to leak kernel memory to user-space. (CVE-2012-6548,
CVE-2013-2634, CVE-2013-2635, CVE-2013-3222, CVE-2013-3224, CVE-2013-3225,
Low)

* An information leak was found in the Linux kernel's POSIX signals
implementation. A local, unprivileged user could use this flaw to bypass
the Address Space Layout Randomization (ASLR) security feature.
(CVE-2013-0914, Low)

* A format string flaw was found in the ext3_msg() function in the Linux
kernel's ext3 file system implementation. A local user who is able to
mount an ext3 file system could use this flaw to cause a denial of service
or, potentially, escalate their privileges. (CVE-2013-1848, Low)

* A format string flaw was found in the b43_do_request_fw() function in
the Linux kernel's b43 driver implementation. A local user who is able to
specify the "fwpostfix" b43 module parameter could use this flaw to cause
a denial of service or, potentially, escalate their privileges.
(CVE-2013-2852, Low)

* A NULL pointer dereference flaw was found in the Linux kernel's ftrace
and function tracer implementations. A local user who has the
CAP_SYS_ADMIN capability could use this flaw to cause a denial of service.
(CVE-2013-3301, Low)

The system must be rebooted for this update to take effect.
--

SL6
  x86_64
    kernel-2.6.32-358.14.1.el6.x86_64.rpm
    kernel-debug-2.6.32-358.14.1.el6.x86_64.rpm
    kernel-debug-debuginfo-2.6.32-358.14.1.el6.x86_64.rpm
    kernel-debug-devel-2.6.32-358.14.1.el6.x86_64.rpm
    kernel-debuginfo-2.6.32-358.14.1.el6.x86_64.rpm
    kernel-debuginfo-common-x86_64-2.6.32-358.14.1.el6.x86_64.rpm
    kernel-devel-2.6.32-358.14.1.el6.x86_64.rpm
    kernel-headers-2.6.32-358.14.1.el6.x86_64.rpm
    perf-2.6.32-358.14.1.el6.x86_64.rpm
    perf-debuginfo-2.6.32-358.14.1.el6.x86_64.rpm
    python-perf-debuginfo-2.6.32-358.14.1.el6.x86_64.rpm
    python-perf-2.6.32-358.14.1.el6.x86_64.rpm
  i386
    kernel-2.6.32-358.14.1.el6.i686.rpm
    kernel-debug-2.6.32-358.14.1.el6.i686.rpm
    kernel-debug-debuginfo-2.6.32-358.14.1.el6.i686.rpm
    kernel-debug-devel-2.6.32-358.14.1.el6.i686.rpm
    kernel-debuginfo-2.6.32-358.14.1.el6.i686.rpm
    kernel-debuginfo-common-i686-2.6.32-358.14.1.el6.i686.rpm
    kernel-devel-2.6.32-358.14.1.el6.i686.rpm
    kernel-headers-2.6.32-358.14.1.el6.i686.rpm
    perf-2.6.32-358.14.1.el6.i686.rpm
    perf-debuginfo-2.6.32-358.14.1.el6.i686.rpm
    python-perf-debuginfo-2.6.32-358.14.1.el6.i686.rpm
    python-perf-2.6.32-358.14.1.el6.i686.rpm
  noarch
    kernel-doc-2.6.32-358.14.1.el6.noarch.rpm
    kernel-firmware-2.6.32-358.14.1.el6.noarch.rpm

- Scientific Linux Development Team
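
Because the fix only takes effect after a reboot, a host can have the updated package installed and still be running a vulnerable kernel. The following check is an added example, not part of the original advisory or of Scientific Linux tooling: it classifies a host from its running kernel release and its installed kernel packages, using a simplified rpm-style version comparison (no epoch or tilde handling). The function names and the sample release strings in the usage are assumptions constructed for illustration; only the fixed version 2.6.32-358.14.1.el6 comes from the advisory.

```python
import re

FIXED = "2.6.32-358.14.1.el6"   # fixed kernel version-release from the advisory
ARCHES = (".x86_64", ".i686", ".noarch")

def _segments(s):
    # rpm-style: compare runs of digits or letters; separators are ignored
    return re.findall(r"\d+|[A-Za-z]+", s)

def _cmp_part(a, b):
    """Simplified rpmvercmp (assumption: no epoch, no '~'): returns -1, 0 or 1."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # numeric compare, so 14 > 2
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alphabetic
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def strip_arch(release):
    for arch in ARCHES:
        if release.endswith(arch):
            return release[: -len(arch)]
    return release

def cmp_kernel(a, b):
    """Compare two 'version-release[.arch]' strings, e.g. the output of uname -r."""
    va, _, ra = strip_arch(a).partition("-")
    vb, _, rb = strip_arch(b).partition("-")
    return _cmp_part(va, vb) or _cmp_part(ra, rb)

def status(running, installed, fixed=FIXED):
    """running: uname -r; installed: lines from
    rpm -q kernel --qf '%{VERSION}-%{RELEASE}.%{ARCH}\\n'"""
    if cmp_kernel(running, fixed) >= 0:
        return "patched"
    if any(cmp_kernel(k, fixed) >= 0 for k in installed):
        return "reboot-required"
    return "update-required"

if __name__ == "__main__":
    # Constructed sample host: update installed, old kernel still running.
    print(status("2.6.32-358.11.1.el6.x86_64",
                 ["2.6.32-358.11.1.el6.x86_64", "2.6.32-358.14.1.el6.x86_64"]))
```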
 