kernel-2.6.32-431.17.1.el6
Errata ID: AXSA:2014-441:02
Release date:
2014/07/09 Wednesday - 14:02
Title:
kernel-2.6.32-431.17.1.el6
Affected channels:
Asianux Server 4 for x86
Asianux Server 4 for x86_64
Severity:
High
Description:
The following issues have been addressed.
[Security Update]
- The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c does not require the CAP_SYS_RAWIO capability, which allows local users to bypass access restrictions via a crafted ioctl call. (CVE-2013-6383)
- drivers/vhost/net.c does not properly validate packet lengths when mergeable buffers are disabled, which allows guest OS users to cause a denial of service (memory corruption and host OS crash) or gain privileges via crafted packets. (CVE-2014-0077)
- net/netfilter/nf_conntrack_proto_dccp.c uses a DCCP header pointer incorrectly, which allows a third party to cause a denial of service (system crash) or execute arbitrary code via a DCCP packet that triggers a call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function. (CVE-2014-2523)
Some of the CVE translations are quoted from JVN.
http://jvndb.jvn.jp/
Solution:
Update the packages.
CVE:
CVE-2013-6383
The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call.
CVE-2014-0077
drivers/vhost/net.c in the Linux kernel before 3.13.10, when mergeable buffers are disabled, does not properly validate packet lengths, which allows guest OS users to cause a denial of service (memory corruption and host OS crash) or possibly gain privileges on the host OS via crafted packets, related to the handle_rx and get_rx_bufs functions.
CVE-2014-2523
net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that triggers a call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function.
Additional information:
N/A
Download:
SRPMS
- kernel-2.6.32-431.17.1.el6.src.rpm
MD5: ff1b44545e893c0b78a985427ac27792
SHA-256: 99829f3f1c7ff5de32442e535e4a7eb0236797cf65d57ffa6b66ea0e02452d57
Size: 91.08 MB
Asianux Server 4 for x86
- kernel-2.6.32-431.17.1.el6.i686.rpm
MD5: 21f19093bafaea822b69140c410b01cf
SHA-256: 5d8587fb4714e5d6df538ee09e811295fec6d080c7f6e052b720bc62542ec7a0
Size: 25.59 MB
- kernel-abi-whitelists-2.6.32-431.17.1.el6.noarch.rpm
MD5: 94fd2d7f59c721b64306651115ce07d7
SHA-256: 85efa6915cdc75f0e58033fa6686bcc7dd12b54e561d8ab5998e38b79b67d356
Size: 2.15 MB
- kernel-debug-2.6.32-431.17.1.el6.i686.rpm
MD5: e5289fad9641603dc2607fbf3575131e
SHA-256: 54324c8b99bd3ac18ba16e685d2265f8ed8b31af49adc89c04613fe1a981c215
Size: 26.18 MB
- kernel-debug-devel-2.6.32-431.17.1.el6.i686.rpm
MD5: fb3851a90ff2b60af2840cfc06d9e581
SHA-256: 2242f55768c79ebc6ada1b74b7b08f5f5a5e008bcf2e13aeeec8280e554caf8e
Size: 8.78 MB
- kernel-devel-2.6.32-431.17.1.el6.i686.rpm
MD5: c24f55709b5d69a7a3a0be6d50c2349f
SHA-256: 956f8b845ef3faec91eac5cdde65cd1c2665119f4d43b8e259971a8328b8a846
Size: 8.73 MB
- kernel-doc-2.6.32-431.17.1.el6.noarch.rpm
MD5: 2e29b014b195e9b73ec49d467989bc29
SHA-256: d04727324045999fbd92affbea397509467e02e17360ab5b7553afe5eff3d44a
Size: 10.53 MB
- kernel-firmware-2.6.32-431.17.1.el6.noarch.rpm
MD5: cba142ec54bd2217cc27e5c98973026f
SHA-256: 19e36f3d67367d13751dd2524375455e1820146ea6c77a7d7249bb4e70ed79ec
Size: 12.99 MB
- kernel-headers-2.6.32-431.17.1.el6.i686.rpm
MD5: 1c02742a3d8bae8b4f21e2eeaae147b3
SHA-256: 2a3ec2f197b56c79c5a5db41d34d6e2cb6d3f4dc2846a41c2e3866d49b32b7c9
Size: 2.85 MB
- perf-2.6.32-431.17.1.el6.i686.rpm
MD5: deabd2e173090e049ba20fb0f9a68d82
SHA-256: 28778e167f6f652f86524e6979f1a6af8977fb5d83c1f70ca2e56ceb93ac8dbe
Size: 2.92 MB
Asianux Server 4 for x86_64
- kernel-2.6.32-431.17.1.el6.x86_64.rpm
MD5: 9cfe7563dae8ceba22a67db466f21fcd
SHA-256: c036bf7f35b2be83f017392968790f5c2497d71e16e89e671ec9796635fd1d7f
Size: 27.72 MB
- kernel-abi-whitelists-2.6.32-431.17.1.el6.noarch.rpm
MD5: fcc3efcb71d004eb3bef1544c0d83b59
SHA-256: d67b762afd945a500005de0d28134aae7633d72ccd7fc6ce9879105b6ba3bc7f
Size: 2.15 MB
- kernel-debug-2.6.32-431.17.1.el6.x86_64.rpm
MD5: 2601881e223a46adf6829627dbe40d3b
SHA-256: d5ea032aab985e1c25cd74b90ef67d702aaa69706c53dbd112beb15fc1c774e5
Size: 28.40 MB
- kernel-debug-devel-2.6.32-431.17.1.el6.x86_64.rpm
MD5: fce53a56df8984bde8f4374981cef690
SHA-256: 672bb8733f5f421bc0d14038f9e102754074d059cd39758795d9cff9ec56aa2d
Size: 8.82 MB
- kernel-devel-2.6.32-431.17.1.el6.x86_64.rpm
MD5: 39197701ef75c384a2fddeb702c8c6d0
SHA-256: d8cba10e1c0042d391e080e1ac2fd3f2260ca1bbdeb2a765aa1f28576319906c
Size: 8.78 MB
- kernel-doc-2.6.32-431.17.1.el6.noarch.rpm
MD5: d716ce05cfa561b1481a717890da84af
SHA-256: 39f7989180affa3ac4b803950ca392605df8dbc09cf8f55c2c9917935da37939
Size: 10.53 MB
- kernel-firmware-2.6.32-431.17.1.el6.noarch.rpm
MD5: 17eee67a8cca51e1ae755b87ffec28e6
SHA-256: 261bb95e01c65f07f15b28ef1155c4e0ca9c68536a521f632714ccd05a0dc493
Size: 12.99 MB
- kernel-headers-2.6.32-431.17.1.el6.x86_64.rpm
MD5: 525362e8d310f0d4c60f8801b5c854b1
SHA-256: e641ca99d59c364d8946bd9894c910b03ad7335a4c649ac3307ec1a5a177a475
Size: 2.85 MB
- perf-2.6.32-431.17.1.el6.x86_64.rpm
MD5: 8d2cbe68be30ef4cba09d470de84a539
SHA-256: b0bb86bf0a8096fc6ea27ab8ab5f09f9d56a664c1463e2eacca380a62c0ebe50
Size: 2.89 MB