ALT-PU-2015-1060-1
Package kernel-image-un-def updated to version 3.18.3-alt1 for branch p7 in task 138804.
Closed vulnerabilities
Published: 2015-01-10
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2014-9529
Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during garbage collection of a key.
References:
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a3a8784454692dd72e5d5d34dcdab17b4420e74c
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a3a8784454692dd72e5d5d34dcdab17b4420e74c
- FEDORA-2015-0517
- FEDORA-2015-0517
- FEDORA-2015-0515
- FEDORA-2015-0515
- openSUSE-SU-2015:0714
- openSUSE-SU-2015:0714
- RHSA-2015:0864
- RHSA-2015:0864
- RHSA-2015:1137
- RHSA-2015:1137
- RHSA-2015:1138
- RHSA-2015:1138
- DSA-3128
- DSA-3128
- MDVSA-2015:058
- MDVSA-2015:058
- [oss-security] 20150106 CVE-2014-9529 - Linux kernel security/keys/gc.c race condition
- [oss-security] 20150106 CVE-2014-9529 - Linux kernel security/keys/gc.c race condition
- 71880
- 71880
- 1036763
- 1036763
- USN-2511-1
- USN-2511-1
- USN-2512-1
- USN-2512-1
- USN-2513-1
- USN-2513-1
- USN-2514-1
- USN-2514-1
- USN-2515-1
- USN-2515-1
- USN-2516-1
- USN-2516-1
- USN-2517-1
- USN-2517-1
- USN-2518-1
- USN-2518-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1179813
- https://bugzilla.redhat.com/show_bug.cgi?id=1179813
- linux-kernel-cve20149529-dos(99641)
- linux-kernel-cve20149529-dos(99641)
- https://github.com/torvalds/linux/commit/a3a8784454692dd72e5d5d34dcdab17b4420e74c
- https://github.com/torvalds/linux/commit/a3a8784454692dd72e5d5d34dcdab17b4420e74c
Published: 2015-01-10
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2014-9585
The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD.
Severity: LOW (2.1)
References:
- http://git.kernel.org/?p=linux/kernel/git/luto/linux.git%3Ba=commit%3Bh=bc3b94c31d65e761ddfe150d02932c65971b74e2
- http://git.kernel.org/?p=linux/kernel/git/luto/linux.git%3Ba=commit%3Bh=bc3b94c31d65e761ddfe150d02932c65971b74e2
- http://git.kernel.org/?p=linux/kernel/git/tip/tip.git%3Ba=commit%3Bh=fbe1bf140671619508dfa575d74a185ae53c5dbb
- http://git.kernel.org/?p=linux/kernel/git/tip/tip.git%3Ba=commit%3Bh=fbe1bf140671619508dfa575d74a185ae53c5dbb
- FEDORA-2015-0937
- FEDORA-2015-0937
- SUSE-SU-2015:0178
- SUSE-SU-2015:0178
- SUSE-SU-2015:0481
- SUSE-SU-2015:0481
- openSUSE-SU-2015:0566
- openSUSE-SU-2015:0566
- SUSE-SU-2015:0652
- SUSE-SU-2015:0652
- openSUSE-SU-2015:0714
- openSUSE-SU-2015:0714
- SUSE-SU-2015:0736
- SUSE-SU-2015:0736
- RHSA-2015:1081
- RHSA-2015:1081
- RHSA-2015:1778
- RHSA-2015:1778
- RHSA-2015:1787
- RHSA-2015:1787
- http://v0ids3curity.blogspot.in/2014/12/return-to-vdso-using-elf-auxiliary.html
- http://v0ids3curity.blogspot.in/2014/12/return-to-vdso-using-elf-auxiliary.html
- DSA-3170
- DSA-3170
- MDVSA-2015:058
- MDVSA-2015:058
- [oss-security] 20141209 PIE bypass using VDSO ASLR weakness
- [oss-security] 20141209 PIE bypass using VDSO ASLR weakness
- [oss-security] 20150109 Re: PIE bypass using VDSO ASLR weakness - Linux kernel
- [oss-security] 20150109 Re: PIE bypass using VDSO ASLR weakness - Linux kernel
- 71990
- 71990
- USN-2513-1
- USN-2513-1
- USN-2514-1
- USN-2514-1
- USN-2515-1
- USN-2515-1
- USN-2516-1
- USN-2516-1
- USN-2517-1
- USN-2517-1
- USN-2518-1
- USN-2518-1