ALT-PU-2014-1730-1
Package kernel-image-un-def updated to version 3.14.5-alt1 for branch t7 in task 120869.
Closed vulnerabilities
Modified: 2025-04-12
CVE-2014-7284
The net_get_random_once implementation in net/core/utils.c in the Linux kernel 3.13.x and 3.14.x before 3.14.5 on certain Intel processors does not perform the intended slow-path operation to initialize random seeds, which makes it easier for remote attackers to spoof or disrupt IP communication by leveraging the predictability of TCP sequence numbers, TCP and UDP port numbers, and IP ID values.
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3d4405226d27b3a215e4d03cfa51f536244e5de7
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.5
- http://www.openwall.com/lists/oss-security/2014/10/01/19
- https://bugzilla.redhat.com/show_bug.cgi?id=1148788
- https://github.com/torvalds/linux/commit/3d4405226d27b3a215e4d03cfa51f536244e5de7
- https://web.archive.org/web/20141002163852/http://secondlookforensics.com/ngro-linux-kernel-bug/
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3d4405226d27b3a215e4d03cfa51f536244e5de7
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.5
- http://www.openwall.com/lists/oss-security/2014/10/01/19
- https://bugzilla.redhat.com/show_bug.cgi?id=1148788
- https://github.com/torvalds/linux/commit/3d4405226d27b3a215e4d03cfa51f536244e5de7
- https://web.archive.org/web/20141002163852/http://secondlookforensics.com/ngro-linux-kernel-bug/
Modified: 2025-04-12
CVE-2014-9715
include/net/netfilter/nf_conntrack_extend.h in the netfilter subsystem in the Linux kernel before 3.14.5 uses an insufficiently large data type for certain extension data, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via outbound network traffic that triggers extension loading, as demonstrated by configuring a PPTP tunnel in a NAT environment.
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=223b02d923ecd7c84cf9780bb3686f455d279279
- http://marc.info/?l=netfilter-devel&m=140112364215200&w=2
- http://rhn.redhat.com/errata/RHSA-2015-1534.html
- http://rhn.redhat.com/errata/RHSA-2015-1564.html
- http://www.debian.org/security/2015/dsa-3237
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.5
- http://www.openwall.com/lists/oss-security/2015/04/08/1
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- http://www.securityfocus.com/bid/73953
- http://www.securitytracker.com/id/1032415
- https://bugzilla.redhat.com/show_bug.cgi?id=1208684
- https://github.com/torvalds/linux/commit/223b02d923ecd7c84cf9780bb3686f455d279279
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=223b02d923ecd7c84cf9780bb3686f455d279279
- http://marc.info/?l=netfilter-devel&m=140112364215200&w=2
- http://rhn.redhat.com/errata/RHSA-2015-1534.html
- http://rhn.redhat.com/errata/RHSA-2015-1564.html
- http://www.debian.org/security/2015/dsa-3237
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.5
- http://www.openwall.com/lists/oss-security/2015/04/08/1
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- http://www.securityfocus.com/bid/73953
- http://www.securitytracker.com/id/1032415
- https://bugzilla.redhat.com/show_bug.cgi?id=1208684
- https://github.com/torvalds/linux/commit/223b02d923ecd7c84cf9780bb3686f455d279279