(RHSA-2014:1318) Moderate: Red Hat Enterprise MRG Realtime 2.5 security and enhancement update

Red Hat Enterprise MRG (Messaging, Realtime, and Grid) is a next-generation
IT infrastructure for enterprise computing. MRG offers increased
performance, reliability, interoperability, and faster computing for
enterprise customers.

MRG Realtime provides the highest levels of predictability for consistent
low-latency response times to meet the needs of time-sensitive workloads.
MRG Realtime also provides new levels of determinism by optimizing lengthy
kernel code paths to ensure that they do not become bottlenecks. This
allows for better prioritization of applications, resulting in consistent,
predictable response times for high-priority applications.

• An out-of-bounds write flaw was found in the way the Apple Magic
  Mouse/Trackpad multi-touch driver handled Human Interface Device (HID)
  reports with an invalid size. An attacker with physical access to the
  system could use this flaw to crash the system or, potentially, escalate
  their privileges on the system. (CVE-2014-3181, Moderate)

• A memory corruption flaw was found in the way the USB ConnectTech
  WhiteHEAT serial driver processed completion commands sent via USB Request
  Blocks buffers. An attacker with physical access to the system could use
  this flaw to crash the system or, potentially, escalate their privileges on
  the system. (CVE-2014-3185, Moderate)

• A race condition flaw was found in the way the Linux kernel’s mmap(2),
  madvise(2), and fallocate(2) system calls interacted with each other while
  operating on virtual memory file system files. A local user could use this
  flaw to cause a denial of service. (CVE-2014-4171, Moderate)

• A stack overflow flaw caused by infinite recursion was found in the way
  the Linux kernel’s Universal Disk Format (UDF) file system implementation
  processed indirect Information Control Blocks (ICBs). An attacker with
  physical access to the system could use a specially crafted UDF image to
  crash the system. (CVE-2014-6410, Low)

• An out-of-bounds read flaw was found in the way the Logitech Unifying
  receiver driver handled HID reports with an invalid device_index value.
  An attacker with physical access to the system could use this flaw to crash
  the system or, potentially, escalate their privileges on the system.
  (CVE-2014-3182, Low)

• Multiple out-of-bounds write flaws were found in the way the Cherry
  Cymotion keyboard driver, KYE/Genius device drivers, Logitech device
  drivers, Monterey Genius KB29E keyboard driver, Petalynx Maxter remote
  control driver, and Sunplus wireless desktop driver handled HID reports
  with an invalid report descriptor size. An attacker with physical access to
  the system could use either of these flaws to write data past an allocated
  memory buffer. (CVE-2014-3184, Low)

• It was found that the parse_rock_ridge_inode_internal() function of the
  Linux kernel’s ISOFS implementation did not correctly check relocated
  directories when processing Rock Ridge child link (CL) tags. An attacker
  with physical access to the system could use a specially crafted ISO image
  to crash the system or, potentially, escalate their privileges on the
  system. (CVE-2014-5471, CVE-2014-5472, Low)

This update also adds the following enhancement:

• The Solarflare SFC9120 10GBE Ethernet NICs were not supported by the MRG
  Realtime kernel. With this update, the drivers have been updated to enable
  the Solarflare SFC9120 cards on the Realtime kernel. (BZ#1086945)

All Red Hat Enterprise MRG Realtime users are advised to upgrade to these
updated packages, which contain backported patches to correct these issues
and add this enhancement.