kernel-3.10.0-229.11.1.el7
エラータID: AXSA:2015-468:02
リリース日:
2015/09/15 Tuesday - 17:12
題名:
kernel-3.10.0-229.11.1.el7
影響のあるチャネル:
Asianux Server 7 for x86_64
Severity:
Moderate
Description:
The kernel package contains the Linux kernel (vmlinuz), the core of any
Linux operating system. The kernel handles the basic functions
of the operating system: memory allocation, process allocation, device
input and output, etc.
With this release, following issues have been fixed:
CVE-2014-9715
CVE-2015-2666
CVE-2015-2922
CVE-2015-3636
解決策:
Update packages.
CVE:
CVE-2014-9715
include/net/netfilter/nf_conntrack_extend.h in the netfilter subsystem in the Linux kernel before 3.14.5 uses an insufficiently large data type for certain extension data, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via outbound network traffic that triggers extension loading, as demonstrated by configuring a PPTP tunnel in a NAT environment.
include/net/netfilter/nf_conntrack_extend.h in the netfilter subsystem in the Linux kernel before 3.14.5 uses an insufficiently large data type for certain extension data, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via outbound network traffic that triggers extension loading, as demonstrated by configuring a PPTP tunnel in a NAT environment.
CVE-2015-2666
Stack-based buffer overflow in the get_matching_model_microcode function in arch/x86/kernel/cpu/microcode/intel_early.c in the Linux kernel before 4.0 allows context-dependent attackers to gain privileges by constructing a crafted microcode header and leveraging root privileges for write access to the initrd.
Stack-based buffer overflow in the get_matching_model_microcode function in arch/x86/kernel/cpu/microcode/intel_early.c in the Linux kernel before 4.0 allows context-dependent attackers to gain privileges by constructing a crafted microcode header and leveraging root privileges for write access to the initrd.
CVE-2015-2922
The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel before 3.19.6 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message.
The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel before 3.19.6 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message.
CVE-2015-3636
The ping_unhash function in net/ipv4/ping.c in the Linux kernel before 4.0.3 does not initialize a certain list data structure during an unhash operation, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) by leveraging the ability to make a SOCK_DGRAM socket system call for the IPPROTO_ICMP or IPPROTO_ICMPV6 protocol, and then making a connect system call after a disconnect.
The ping_unhash function in net/ipv4/ping.c in the Linux kernel before 4.0.3 does not initialize a certain list data structure during an unhash operation, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) by leveraging the ability to make a SOCK_DGRAM socket system call for the IPPROTO_ICMP or IPPROTO_ICMPV6 protocol, and then making a connect system call after a disconnect.
追加情報:
N/A
ダウンロード:
SRPMS
- kernel-3.10.0-229.11.1.el7.src.rpm
MD5: 9b6cbcdd0fa8c22dd496cf2a2b561acd
SHA-256: ed58654b697a082e2d6a21a1c7763f9192771a1be1a11a38c28fa7b060cb6565
Size: 76.43 MB
Asianux Server 7 for x86_64
- kernel-3.10.0-229.11.1.el7.x86_64.rpm
MD5: bb806ece4bbc81c85c3358a92ca3df02
SHA-256: f4c5ef02829a45553801539cdc313acab350339e2aa704320fc56b4fe71d32ce
Size: 30.92 MB - kernel-abi-whitelists-3.10.0-229.11.1.el7.noarch.rpm
MD5: 34a39845370cf83ae9e9d7a3f8f9ff00
SHA-256: 2f32a1fa9ea41f19276655681bc9b2c14d4ea247854d04cffefeeeebfe42769c
Size: 1.44 MB - kernel-debug-3.10.0-229.11.1.el7.x86_64.rpm
MD5: 657f8ec40138a50a420ca9c241862383
SHA-256: 52c5e918201f850c2ea7dc656da5da17081a0c91dd9ae3e24fd3232511b9ddcf
Size: 32.46 MB - kernel-debug-devel-3.10.0-229.11.1.el7.x86_64.rpm
MD5: c40df3fce8f6cfc3275419ea5c20f55c
SHA-256: 3b6cb9ed9e1692470eb4b4afac990cf768806f40a4a82c1a7d20968d88d89b17
Size: 9.95 MB - kernel-devel-3.10.0-229.11.1.el7.x86_64.rpm
MD5: f62628e3bde6350d1b36b775418d09f0
SHA-256: cf055783efa9d9dea6b2fe0d4f365e0ec743cc448880a20a1068a930ec864ab2
Size: 9.89 MB - kernel-doc-3.10.0-229.11.1.el7.noarch.rpm
MD5: 686467c04b67ae364791bc026e563185
SHA-256: f188e4f78154f45cf479f46ce0eafb1118ed7dcd1284d36d9d61f09f7ef49fe9
Size: 12.57 MB - kernel-headers-3.10.0-229.11.1.el7.x86_64.rpm
MD5: ec5284bd3cfae9d8a2c45a2e59bb4a28
SHA-256: 76ff99ceb91fe6fb8f68d4e09d928dcea496d66f647ba457d2da4ab987154fac
Size: 2.29 MB - kernel-tools-3.10.0-229.11.1.el7.x86_64.rpm
MD5: 71748881be0269b040606a0a3f421f7b
SHA-256: 612309b5f95dbf79ee6d0fe5e88a4c390ac001e427cca0ef9c0369cfbc72e509
Size: 1.51 MB - kernel-tools-libs-3.10.0-229.11.1.el7.x86_64.rpm
MD5: 9e8ae85efafe41832d48b4f8564914cc
SHA-256: 2eeedfbd9b4fa9240130f6438dc4ba2b65f870c499a0b8bc33b03033d38309f2
Size: 1.44 MB - perf-3.10.0-229.11.1.el7.x86_64.rpm
MD5: 8bdfa22f2a10f9ed0a8e76f1f6659185
SHA-256: bf7450148df03f3195b5985eda2de717086e08b4443ebdb94b86225ccc464e63
Size: 2.37 MB