unbreakable enterprise kernel security update

kernel-uek 2.6.32-400.36.6uek - filter: prevent nla extensions to peek beyond the end of the message Mathias Krause Orabug: 19315783 CVE-2014-3144 CVE-2014-3145 - futex: Forbid uaddr == uaddr2 in futexwaitrequeuepi Darren Hart Orabug: 19315318 CVE-2012-6647 2.6.32-400.36.5uek - ntty: Fix nttywrit...

Kernel: futex: forbid uaddr == uaddr2 in futex_wait_requeue_pi()

A NULL pointer dereference flaw was found in the way the futexwaitrequeuepi function of the Linux kernel's futex subsystem handled the requeuing of certain Priority Inheritance PI futexes. A local, unprivileged user could use this flaw to crash the system...

kernel: futex: pi futexes requeue issue

A flaw was found in the way the Linux kernel's futex subsystem handled the requeuing of certain Priority Inheritance PI futexes. A local, unprivileged user could use this flaw to escalate their privileges on the system...

kernel: futex: pi futexes requeue issue

A flaw was found in the way the Linux kernel's futex subsystem handled the requeuing of certain Priority Inheritance PI futexes. A local, unprivileged user could use this flaw to escalate their privileges on the system...

kernel: futex: pi futexes requeue issue

A flaw was found in the way the Linux kernel's futex subsystem handled the requeuing of certain Priority Inheritance PI futexes. A local, unprivileged user could use this flaw to escalate their privileges on the system...

Updated kernel packages fixes security vulnerabilities

The kernel has been updated to the upstream 3.10.44 longterm kernel, and fixes the following security issues: The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to...

DEBIAN-CVE-2014-3153

The futexrequeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEXREQUEUE command that facilitates unsafe waiter modification...

UBUNTU-CVE-2014-3153

The futexrequeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEXREQUEUE command that facilitates unsafe waiter modification...

DEBIAN-CVE-2012-6647

The futexwaitrequeuepi function in kernel/futex.c in the Linux kernel before 3.5.1 does not ensure that calls have two different futex addresses, which allows local users to cause a denial of service NULL pointer dereference and system crash or possibly have unspecified other impact via a crafted...

PT-2014-2415 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 3.5.1 Description: The issue is related to the futex wait requeue pi function in the Linux kernel, which does not properly validate futex addresses. This can be exploited by local users to cause a denial of...

UBUNTU-CVE-2012-6647

The futexwaitrequeuepi function in kernel/futex.c in the Linux kernel before 3.5.1 does not ensure that calls have two different futex addresses, which allows local users to cause a denial of service NULL pointer dereference and system crash or possibly have unspecified other impact via a crafted...

PT-2014-9084 · Linux +5 · Linux Kernel +6

Name of the Vulnerable Software and Affected Versions: openSUSE versions prior to the fixed version Linux kernel versions through 3.14.5 Description: The issue is related to a vulnerability in the Linux kernel, specifically in the futex requeue function, which does not ensure that calls have two...