Overview

File _patchinfo of Package patchinfo.2877

<patchinfo>
  <issue id="873374" tracker="bnc">VUL-0: CVE-2014-2851: kernel: net: ping: refcount issue in ping_init_sock() function</issue>
  <issue id="880892" tracker="bnc">VUL-0: CVE-2014-3153: kernel: Exploitable futex vulnerability</issue>
  <issue id="870173" tracker="bnc">VUL-0: CVE-2014-0055: kernel: vhost-net: insufficient handling of error conditions in get_rx_bufs()</issue>
  <issue id="870576" tracker="bnc">VUL-1: CVE-2014-0077: kernel: vhost-net: insufficiency in handling of big packets in handle_rx()</issue>
  <issue id="878274" tracker="bnc">memory cgroup controller: memory.force_empty will get deprecated</issue>
  <issue id="869563" tracker="bnc">VUL-1: CVE-2013-7339: kernel: rds: NULL ptr dereference issue in rds_ib_laddr_check</issue>
  <issue id="876102" tracker="bnc">VUL-0: CVE-2014-3122: Kernel: mm: try_to_unmap_cluster() should lock_page() before mlocking</issue>
  <issue id="871561" tracker="bnc">VUL-0: CVE-2014-2678: kernel: net: rds: dereference of a NULL device in rds_iw_laddr_check()</issue>
  <issue id="CVE-2014-3122" tracker="cve" />
  <issue id="CVE-2014-2678" tracker="cve" />
  <issue id="CVE-2014-0077" tracker="cve" />
  <issue id="CVE-2014-0055" tracker="cve" />
  <issue id="CVE-2014-3153" tracker="cve" />
  <issue id="CVE-2014-2851" tracker="cve" />
  <issue id="CVE-2013-7339" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>msmeissn</packager>
  <description>
The Linux kernel was updated to fix security issues and bugs:

Security issues fixed:
CVE-2014-3153: The futex_requeue function in kernel/futex.c in the Linux
kernel did not ensure that calls have two different futex addresses,
which allowed local users to gain privileges via a crafted FUTEX_REQUEUE
command that facilitates unsafe waiter modification.

CVE-2014-0077: drivers/vhost/net.c in the Linux kernel, when mergeable
buffers are disabled, did not properly validate packet lengths, which
allowed guest OS users to cause a denial of service (memory corruption
and host OS crash) or possibly gain privileges on the host OS via crafted
packets, related to the handle_rx and get_rx_bufs functions.

CVE-2014-0055: The get_rx_bufs function in drivers/vhost/net.c in the
vhost-net subsystem in the Linux kernel package did not properly handle
vhost_get_vq_desc errors, which allowed guest OS users to cause a denial
of service (host OS crash) via unspecified vectors.

CVE-2014-2678: The rds_iw_laddr_check function in net/rds/iw.c in the
Linux kernel allowed local users to cause a denial of service (NULL
pointer dereference and system crash) or possibly have unspecified other
impact via a bind system call for an RDS socket on a system that lacks
RDS transports.

CVE-2013-7339: The rds_ib_laddr_check function in net/rds/ib.c in the
Linux kernel allowed local users to cause a denial of service (NULL
pointer dereference and system crash) or possibly have unspecified other
impact via a bind system call for an RDS socket on a system that lacks
RDS transports.

CVE-2014-2851: Integer overflow in the ping_init_sock function in
net/ipv4/ping.c in the Linux kernel allowed local users to cause a denial
of service (use-after-free and system crash) or possibly gain privileges
via a crafted application that leverages an improperly managed reference
counter.

CVE-2014-3122: The try_to_unmap_cluster function in mm/rmap.c in the Linux
kernel did not properly consider which pages must be locked, which allowed
local users to cause a denial of service (system crash) by triggering
a memory-usage pattern that requires removal of page-table mappings.

Bugs fixed:
- memcg: deprecate memory.force_empty knob (bnc#878274).

</description>
  <summary>kernel: security and bugfix release</summary>
  <reboot_needed/>
</patchinfo>
openSUSE Build Service is sponsored by
Places