kernel-3.10.0-229.7.2.el7

エラータID: AXSA:2015-216:01

リリース日: 
2015/07/25 Saturday - 13:50
題名: 
kernel-3.10.0-229.7.2.el7
影響のあるチャネル: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

The kernel package contains the Linux kernel (vmlinuz), the core of any
Linux operating system. The kernel handles the basic functions
of the operating system: memory allocation, process allocation, device
input and output, etc.

Security issues fixed with this release:

CVE-2014-9420
The rock_continue function in fs/isofs/rock.c in the Linux kernel
through 3.18.1 does not restrict the number of Rock Ridge continuation
entries, which allows local users to cause a denial of service
(infinite loop, and system crash or hang) via a crafted iso9660 image.

CVE-2014-9529
Race condition in the key_gc_unused_keys function in
security/keys/gc.c in the Linux kernel through 3.18.2 allows local
users to cause a denial of service (memory corruption or panic) or
possibly have unspecified other impact via keyctl commands that
trigger access to a key structure member during garbage collection of
a key.

CVE-2014-9584
The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the
Linux kernel before 3.18.2 does not validate a length value in the
Extensions Reference (ER) System Use Field, which allows local users
to obtain sensitive information from kernel memory via a crafted
iso9660 image.

CVE-2015-1573
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.

CVE-2015-1593
The stack randomization feature in the Linux kernel before 3.19.1 on
64-bit platforms uses incorrect data types for the results of bitwise
left-shift operations, which makes it easier for attackers to bypass
the ASLR protection mechanism by predicting the address of the top of
the stack, related to the randomize_stack_top function in
fs/binfmt_elf.c and the stack_maxrandom_size function in
arch/x86/mm/mmap.c.

CVE-2015-1805
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.

CVE-2015-2830
arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not
prevent the TS_COMPAT flag from reaching a user-mode task, which might
allow local users to bypass the seccomp or audit protection mechanism
via a crafted application that uses the (1) fork or (2) close system
call, as demonstrated by an attack against seccomp before 3.16.

Version-Release number of selected component (if applicable):

解決策: 

Update packages.

CVE: 
CVE-2014-9420
The rock_continue function in fs/isofs/rock.c in the Linux kernel through 3.18.1 does not restrict the number of Rock Ridge continuation entries, which allows local users to cause a denial of service (infinite loop, and system crash or hang) via a crafted iso9660 image.
CVE-2014-9529
Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during garbage collection of a key.
CVE-2014-9584
The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image.
CVE-2015-1573
The nft_flush_table function in net/netfilter/nf_tables_api.c in the Linux kernel before 3.18.5 mishandles the interaction between cross-chain jumps and ruleset flushes, which allows local users to cause a denial of service (panic) by leveraging the CAP_NET_ADMIN capability.
CVE-2015-1593
The stack randomization feature in the Linux kernel before 3.19.1 on 64-bit platforms uses incorrect data types for the results of bitwise left-shift operations, which makes it easier for attackers to bypass the ASLR protection mechanism by predicting the address of the top of the stack, related to the randomize_stack_top function in fs/binfmt_elf.c and the stack_maxrandom_size function in arch/x86/mm/mmap.c.
CVE-2015-1805
The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an "I/O vector array overrun."
CVE-2015-2830
arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrated by an attack against seccomp before 3.16.
追加情報: 

N/A

ダウンロード: 

SRPMS
  1. kernel-3.10.0-229.7.2.el7.src.rpm
    MD5: bccaf1672f1a2f4ffed612d05aff40ce
    SHA-256: 53548947c054275337c6f197cbbdaa6d3394fdd798aa22dedfdd656344360924
    Size: 76.43 MB

Asianux Server 7 for x86_64
  1. kernel-3.10.0-229.7.2.el7.x86_64.rpm
    MD5: 3e26345134c9703d1b2d7cc95df29714
    SHA-256: a8749adb06bf89c5ed0e7175a307e5ed534080a59bda5661fb565bb1e972b771
    Size: 30.91 MB
  2. kernel-abi-whitelists-3.10.0-229.7.2.el7.noarch.rpm
    MD5: 885a86bf5e89e0783c8737b8a71660d5
    SHA-256: a8a3ed2df3ccbf0c847fa217b932f822c8bad43228c23bdf3aedf13a898c4a5f
    Size: 1.44 MB
  3. kernel-debug-3.10.0-229.7.2.el7.x86_64.rpm
    MD5: 760fa09f972a486e8c96819dc76414bb
    SHA-256: 186ac726f61d1364d8a16e0121afd2fe8f7900114e3be58376854020ec20709a
    Size: 32.46 MB
  4. kernel-debug-devel-3.10.0-229.7.2.el7.x86_64.rpm
    MD5: d02d0b18a2ab88e1a9838898a924ab54
    SHA-256: 6601dbf65084a199e71d65fa19a753930b814a9e8b45c764785c799b6ff528cb
    Size: 9.95 MB
  5. kernel-devel-3.10.0-229.7.2.el7.x86_64.rpm
    MD5: 4b03a3bf506c135922c6a84392dca00f
    SHA-256: cc28958d74c339441ef04a0a623d29768f73c748922c60bd18bacef83417a408
    Size: 9.89 MB
  6. kernel-doc-3.10.0-229.7.2.el7.noarch.rpm
    MD5: 997c16da2777054c81fbe87f96aac5d4
    SHA-256: 02bcfc047b6773a024a1d4af5a742b1a13a1a40a2267a751d9bc37e38b73dd91
    Size: 12.57 MB
  7. kernel-headers-3.10.0-229.7.2.el7.x86_64.rpm
    MD5: 245071a9dfba7c606ccfb1da0e1035ea
    SHA-256: 406e06db0bdee34c1b3cb56e3b17cf4509bda0b4255675d2cda7c12c025608ef
    Size: 2.28 MB
  8. kernel-tools-3.10.0-229.7.2.el7.x86_64.rpm
    MD5: 383224eac686cb81a64d43d6fa28bea5
    SHA-256: f5919ae8b8c17bf427a6e87e2b12c2d7faaf94602475e6c17b0176c9deb3d2f9
    Size: 1.51 MB
  9. kernel-tools-libs-3.10.0-229.7.2.el7.x86_64.rpm
    MD5: 3330fa8e8f7173018ac2ce6fdcb78aee
    SHA-256: 42329dfb6bf2e7c021c7b2b32c44f62c8e0829de4d892571608950571f4a9abb
    Size: 1.44 MB
  10. perf-3.10.0-229.7.2.el7.x86_64.rpm
    MD5: 2703ff6ba49a16496fd465d7b3e1a898
    SHA-256: 81ae19a41a7b852a963d285da4f87ddf62bf3135fc0e9966a8776c32d8acc15c
    Size: 2.37 MB