Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2014:1167
HistorySep 09, 2014 - 12:00 a.m.

(RHSA-2014:1167) Important: kernel security and bug fix update

2014-09-0900:00:00
access.redhat.com
36

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.072 Low

EPSS

Percentile

93.0%

JSON

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

  • A flaw was found in the way the Linux kernel’s futex subsystem handled
    reference counting when requeuing futexes during futex_wait(). A local,
    unprivileged user could use this flaw to zero out the reference counter of
    an inode or an mm struct that backs up the memory area of the futex, which
    could lead to a use-after-free flaw, resulting in a system crash or,
    potentially, privilege escalation. (CVE-2014-0205, Important)

  • A NULL pointer dereference flaw was found in the way the Linux kernel’s
    networking implementation handled logging while processing certain invalid
    packets coming in via a VxLAN interface. A remote attacker could use this
    flaw to crash the system by sending a specially crafted packet to such an
    interface. (CVE-2014-3535, Important)

  • An out-of-bounds memory access flaw was found in the Linux kernel’s
    system call auditing implementation. On a system with existing audit rules
    defined, a local, unprivileged user could use this flaw to leak kernel
    memory to user space or, potentially, crash the system. (CVE-2014-3917,
    Moderate)

  • An integer underflow flaw was found in the way the Linux kernel’s Stream
    Control Transmission Protocol (SCTP) implementation processed certain
    COOKIE_ECHO packets. By sending a specially crafted SCTP packet, a remote
    attacker could use this flaw to prevent legitimate connections to a
    particular SCTP server socket to be made. (CVE-2014-4667, Moderate)

Red Hat would like to thank Gopal Reddy Kodudula of Nokia Siemens Networks
for reporting CVE-2014-4667. The security impact of the CVE-2014-0205 issue
was discovered by Mateusz Guzik of Red Hat.

This update also fixes several bugs. Documentation for these changes will
be available shortly from the Technical Notes document linked to in the
References section.

All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The system must be
rebooted for this update to take effect.

OSVersionArchitecturePackageVersionFilename
RedHat6i686python-perf< 2.6.32-431.29.2.el6python-perf-2.6.32-431.29.2.el6.i686.rpm
RedHat6ppc64kernel-bootwrapper< 2.6.32-431.29.2.el6kernel-bootwrapper-2.6.32-431.29.2.el6.ppc64.rpm
RedHat6x86_64python-perf< 2.6.32-431.29.2.el6python-perf-2.6.32-431.29.2.el6.x86_64.rpm
RedHat6ppc64kernel-debuginfo-common-ppc64< 2.6.32-431.29.2.el6kernel-debuginfo-common-ppc64-2.6.32-431.29.2.el6.ppc64.rpm
RedHat6s390xperf-debuginfo< 2.6.32-431.29.2.el6perf-debuginfo-2.6.32-431.29.2.el6.s390x.rpm
RedHat6s390xkernel-kdump-debuginfo< 2.6.32-431.29.2.el6kernel-kdump-debuginfo-2.6.32-431.29.2.el6.s390x.rpm
RedHat6ppc64python-perf-debuginfo< 2.6.32-431.29.2.el6python-perf-debuginfo-2.6.32-431.29.2.el6.ppc64.rpm
RedHat6ppc64python-perf< 2.6.32-431.29.2.el6python-perf-2.6.32-431.29.2.el6.ppc64.rpm
RedHat6s390xpython-perf< 2.6.32-431.29.2.el6python-perf-2.6.32-431.29.2.el6.s390x.rpm
RedHat6i686kernel-debug-devel< 2.6.32-431.29.2.el6kernel-debug-devel-2.6.32-431.29.2.el6.i686.rpm
Rows per page:
1-10 of 561

Related

nessus 53
openvas 55
centos 4
f5 4
oraclelinux 15
prion 4
ubuntucve 4
debiancve 4
cve 4
redhat 7
altlinux 1
securityvulns 5
ubuntu 14
debian 2
osv 2
veracode 7
mageia 7
kitploit 1
suse 5
ibm 1
nessus
nessus
Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20140909)
2014-09-10 00:00:00
CentOS 6 : kernel (CESA-2014:1167)
2014-09-10 00:00:00
Oracle Linux 6 : kernel (ELSA-2014-1167)
2014-09-10 00:00:00
openvas
openvas
RedHat Update for kernel RHSA-2014:1167-01
2014-09-10 00:00:00
CentOS Update for kernel CESA-2014:1167 centos6
2014-09-10 00:00:00
Oracle: Security Advisory (ELSA-2014-1167)
2015-10-06 00:00:00
centos
centos
kernel, perf, python security update
2014-09-09 23:10:17
kernel, perf, python security update
2014-09-23 05:23:08
kernel security update
2014-09-04 07:18:06
f5
f5
K15680 : Linux kernel vulnerabilities CVE-2014-3917, CVE-2014-0205 and CVE-2014-4667
2015-09-17 00:00:00
SOL15680 - Linux kernel vulnerabilities CVE-2014-3917, CVE-2014-0205 and CVE-2014-4667
2014-10-09 00:00:00
SOL16781 - Linux kernel vulnerability CVE-2014-3535
2015-06-26 00:00:00
oraclelinux
oraclelinux
kernel security and bug fix update
2014-09-09 00:00:00
unbreakable enterprise kernel security update
2014-09-10 00:00:00
unbreakable enterprise kernel security update
2014-08-11 00:00:00
prion
prion
Null pointer dereference
2014-09-28 19:55:00
Code injection
2014-07-03 04:22:00
Denial of service
2014-06-05 17:55:00
ubuntucve
ubuntucve
CVE-2014-3535
2014-09-28 00:00:00
CVE-2014-4667
2014-07-03 00:00:00
CVE-2014-3917
2014-06-05 00:00:00
debiancve
debiancve
CVE-2014-3535
2014-09-28 19:55:00
CVE-2014-4667
2014-07-03 04:22:00
CVE-2014-0205
2014-09-28 19:55:00
cve
cve
CVE-2014-4667
2014-07-03 04:22:00
CVE-2014-3535
2014-09-28 19:55:00
CVE-2014-3917
2014-06-05 17:55:00
redhat
redhat
(RHSA-2014:1168) Important: rhev-hypervisor6 security and bug fix update
2014-09-09 00:00:00
(RHSA-2014:1143) Moderate: kernel security and bug fix update
2014-09-03 00:00:00
(RHSA-2014:1365) Important: kernel security and bug fix update
2014-10-07 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 7 package kernel-image-el-def version 2.6.32-alt24
2014-06-20 00:00:00
securityvulns
securityvulns
Linux syscall auditing DoS
2014-06-13 00:00:00
[USN-2289-1] Linux kernel vulnerabilities
2014-07-21 00:00:00
[USN-2332-1] Linux kernel vulnerabilities
2014-09-03 00:00:00
ubuntu
ubuntu
Linux kernel (Trusty HWE) vulnerability
2014-08-13 00:00:00
Linux kernel vulnerability
2014-08-13 00:00:00
Linux kernel (EC2) vulnerabilities
2014-07-16 00:00:00
debian
debian
[SECURITY] [DSA 2992-1] linux security update
2014-07-29 06:42:00
[SECURITY] [DSA 2992-1] linux security update
2014-07-29 06:42:00
osv
osv
linux - security update
2014-07-29 00:00:00
linux-2.6 - security update
2014-07-12 00:00:00
veracode
veracode
Information Disclosure
2019-05-02 05:03:36
Information Disclosure
2019-05-02 05:03:36
Privilege Escalation
2019-05-02 05:03:36
mageia
mageia
Updated kernel packages fixes security vulnerabilities.
2014-06-19 00:50:01
Updated kernel packages fixes security vulnerabilities
2014-06-23 01:13:23
Updated kernel-tmb package fixes security vulnerabilities
2014-08-18 13:14:56
kitploit
kitploit
Tails 1.1.1 - The Amnesic Incognito Live System
2014-09-09 02:58:00
suse
suse
kernel: security and bugfix update (important)
2014-08-11 12:04:19
kernel: security and bugfix update (important)
2014-08-01 15:04:21
Security update for the Linux Kernel (important)
2014-09-16 19:04:20
ibm
ibm
Security Bulletin: Vulnerabilities in OpenSSL affect IBM Flex System Manager (FSM) SMIA Configuration Tool. (CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2014-0205, CVE-2014-0206)
2019-01-31 01:55:01

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.072 Low

EPSS

Percentile

93.0%

JSON
Related for RHSA-2014:1167
nessus53openvas55centos4f54oraclelinux15prion4ubuntucve4debiancve4cve4redhat7altlinux1securityvulns5ubuntu14debian2osv2veracode7mageia7kitploit1suse5ibm1