Red.Hat.Update.for.Kernel.RHSA-2014-0475

Description

The kernel packages contain the Linux kernel, the core of any Linux operating system.
The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call. (CVE-2013-6383)
drivers/vhost/net.c in the Linux kernel before 3.13.10, when mergeable buffers are disabled, does not properly validate packet lengths, which allows guest OS users to cause a denial of service (memory corruption and host OS crash) or possibly gain privileges on the host OS via crafted packets, related to the handle_rx and get_rx_bufs functions. (CVE-2014-0077)
net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that triggers a call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function. (CVE-2014-2523)

Affected Products

Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux HPC Node (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Server AUS (v. 6.5)
Red Hat Enterprise Linux Server EUS (v. 6.5.z)
Red Hat Enterprise Linux Workstation (v. 6)

Impact

The vulnerabilities could allow an attacker to gain unauthorized access to sensitive information, or allow them to change the contents or configuration of a vulnerable system.

Recommended Actions

Please download and apply patches as instructed in http://rhn.redhat.com/errata/RHSA-2014-0475.html .

Telemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)