ALT-BU-2014-2808-1
Branch c7 update bulletin.
Package kernel-image-un-def updated to version 3.14.5-alt1 for branch c7 in task 120750.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2014-7284
The net_get_random_once implementation in net/core/utils.c in the Linux kernel 3.13.x and 3.14.x before 3.14.5 on certain Intel processors does not perform the intended slow-path operation to initialize random seeds, which makes it easier for remote attackers to spoof or disrupt IP communication by leveraging the predictability of TCP sequence numbers, TCP and UDP port numbers, and IP ID values.
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3d4405226d27b3a215e4d03cfa51f536244e5de7
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.5
- [oss-security] 20141001 CVE Request: linux kernel net_get_random_once bug
- https://bugzilla.redhat.com/show_bug.cgi?id=1148788
- https://github.com/torvalds/linux/commit/3d4405226d27b3a215e4d03cfa51f536244e5de7
- https://web.archive.org/web/20141002163852/http://secondlookforensics.com/ngro-linux-kernel-bug/
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3d4405226d27b3a215e4d03cfa51f536244e5de7
- https://web.archive.org/web/20141002163852/http://secondlookforensics.com/ngro-linux-kernel-bug/
- https://github.com/torvalds/linux/commit/3d4405226d27b3a215e4d03cfa51f536244e5de7
- https://bugzilla.redhat.com/show_bug.cgi?id=1148788
- [oss-security] 20141001 CVE Request: linux kernel net_get_random_once bug
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.5
Modified: 2024-11-21
CVE-2014-9715
include/net/netfilter/nf_conntrack_extend.h in the netfilter subsystem in the Linux kernel before 3.14.5 uses an insufficiently large data type for certain extension data, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via outbound network traffic that triggers extension loading, as demonstrated by configuring a PPTP tunnel in a NAT environment.
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=223b02d923ecd7c84cf9780bb3686f455d279279
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=223b02d923ecd7c84cf9780bb3686f455d279279
- [netfilter-devel] 20140526 OOPS NULL pointer dereference in nf_nat_setup_info+0x471 (reproductible, 3.14.4)
- [netfilter-devel] 20140526 OOPS NULL pointer dereference in nf_nat_setup_info+0x471 (reproductible, 3.14.4)
- RHSA-2015:1534
- RHSA-2015:1534
- RHSA-2015:1564
- RHSA-2015:1564
- DSA-3237
- DSA-3237
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.5
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.5
- [oss-security] 20150407 CVE request netfilter connection tracking accounting.
- [oss-security] 20150407 CVE request netfilter connection tracking accounting.
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- 73953
- 73953
- 1032415
- 1032415
- https://bugzilla.redhat.com/show_bug.cgi?id=1208684
- https://bugzilla.redhat.com/show_bug.cgi?id=1208684
- https://github.com/torvalds/linux/commit/223b02d923ecd7c84cf9780bb3686f455d279279
- https://github.com/torvalds/linux/commit/223b02d923ecd7c84cf9780bb3686f455d279279