Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2014.1693 Moderate: Red Hat Enterprise MRG Realtime 2.5 security and enhancement update 30 September 2014 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: MRG Realtime Publisher: Red Hat Operating System: Red Hat Enterprise Linux Server 6 Impact/Access: Execute Arbitrary Code/Commands -- Existing Account Increased Privileges -- Existing Account Denial of Service -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2014-6410 CVE-2014-5472 CVE-2014-5471 CVE-2014-4171 CVE-2014-3185 CVE-2014-3184 CVE-2014-3182 CVE-2014-3181 Original Bulletin: https://rhn.redhat.com/errata/RHSA-2014-1318.html - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat Enterprise MRG Realtime 2.5 security and enhancement update Advisory ID: RHSA-2014:1318-01 Product: Red Hat Enterprise MRG for RHEL-6 Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1318.html Issue date: 2014-09-29 CVE Names: CVE-2014-3181 CVE-2014-3182 CVE-2014-3184 CVE-2014-3185 CVE-2014-4171 CVE-2014-5471 CVE-2014-5472 CVE-2014-6410 ===================================================================== 1. Summary: Updated Red Hat Enterprise MRG Realtime packages that fix multiple security issues and add one enhancement are now available for Red Hat Enterprise MRG 2.5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: MRG Realtime for RHEL 6 Server v.2 - noarch, x86_64 3. Description: Red Hat Enterprise MRG (Messaging, Realtime, and Grid) is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers. MRG Realtime provides the highest levels of predictability for consistent low-latency response times to meet the needs of time-sensitive workloads. MRG Realtime also provides new levels of determinism by optimizing lengthy kernel code paths to ensure that they do not become bottlenecks. This allows for better prioritization of applications, resulting in consistent, predictable response times for high-priority applications. * An out-of-bounds write flaw was found in the way the Apple Magic Mouse/Trackpad multi-touch driver handled Human Interface Device (HID) reports with an invalid size. An attacker with physical access to the system could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-3181, Moderate) * A memory corruption flaw was found in the way the USB ConnectTech WhiteHEAT serial driver processed completion commands sent via USB Request Blocks buffers. An attacker with physical access to the system could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-3185, Moderate) * A race condition flaw was found in the way the Linux kernel's mmap(2), madvise(2), and fallocate(2) system calls interacted with each other while operating on virtual memory file system files. A local user could use this flaw to cause a denial of service. (CVE-2014-4171, Moderate) * A stack overflow flaw caused by infinite recursion was found in the way the Linux kernel's Universal Disk Format (UDF) file system implementation processed indirect Information Control Blocks (ICBs). An attacker with physical access to the system could use a specially crafted UDF image to crash the system. (CVE-2014-6410, Low) * An out-of-bounds read flaw was found in the way the Logitech Unifying receiver driver handled HID reports with an invalid device_index value. An attacker with physical access to the system could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-3182, Low) * Multiple out-of-bounds write flaws were found in the way the Cherry Cymotion keyboard driver, KYE/Genius device drivers, Logitech device drivers, Monterey Genius KB29E keyboard driver, Petalynx Maxter remote control driver, and Sunplus wireless desktop driver handled HID reports with an invalid report descriptor size. An attacker with physical access to the system could use either of these flaws to write data past an allocated memory buffer. (CVE-2014-3184, Low) * It was found that the parse_rock_ridge_inode_internal() function of the Linux kernel's ISOFS implementation did not correctly check relocated directories when processing Rock Ridge child link (CL) tags. An attacker with physical access to the system could use a specially crafted ISO image to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-5471, CVE-2014-5472, Low) This update also adds the following enhancement: * The Solarflare SFC9120 10GBE Ethernet NICs were not supported by the MRG Realtime kernel. With this update, the drivers have been updated to enable the Solarflare SFC9120 cards on the Realtime kernel. (BZ#1086945) All Red Hat Enterprise MRG Realtime users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add this enhancement. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1111180 - CVE-2014-4171 Kernel: mm/shmem: denial of service 1134099 - CVE-2014-5471 CVE-2014-5472 kernel: isofs: unbound recursion when processing relocated directories 1141173 - CVE-2014-3181 Kernel: HID: OOB write in magicmouse driver 1141210 - CVE-2014-3182 Kernel: HID: logitech-dj OOB array access 1141391 - CVE-2014-3184 Kernel: HID: off by one error in various _report_fixup routines 1141400 - CVE-2014-3185 Kernel: USB serial: memory corruption flaw 1141809 - CVE-2014-6410 kernel: udf: Avoid infinite loop when processing indirect ICBs 6. Package List: MRG Realtime for RHEL 6 Server v.2: Source: kernel-rt-3.10.33-rt32.51.el6rt.src.rpm noarch: kernel-rt-doc-3.10.33-rt32.51.el6rt.noarch.rpm kernel-rt-firmware-3.10.33-rt32.51.el6rt.noarch.rpm x86_64: kernel-rt-3.10.33-rt32.51.el6rt.x86_64.rpm kernel-rt-debug-3.10.33-rt32.51.el6rt.x86_64.rpm kernel-rt-debug-debuginfo-3.10.33-rt32.51.el6rt.x86_64.rpm kernel-rt-debug-devel-3.10.33-rt32.51.el6rt.x86_64.rpm kernel-rt-debuginfo-3.10.33-rt32.51.el6rt.x86_64.rpm kernel-rt-debuginfo-common-x86_64-3.10.33-rt32.51.el6rt.x86_64.rpm kernel-rt-devel-3.10.33-rt32.51.el6rt.x86_64.rpm kernel-rt-trace-3.10.33-rt32.51.el6rt.x86_64.rpm kernel-rt-trace-debuginfo-3.10.33-rt32.51.el6rt.x86_64.rpm kernel-rt-trace-devel-3.10.33-rt32.51.el6rt.x86_64.rpm kernel-rt-vanilla-3.10.33-rt32.51.el6rt.x86_64.rpm kernel-rt-vanilla-debuginfo-3.10.33-rt32.51.el6rt.x86_64.rpm kernel-rt-vanilla-devel-3.10.33-rt32.51.el6rt.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2014-3181.html https://www.redhat.com/security/data/cve/CVE-2014-3182.html https://www.redhat.com/security/data/cve/CVE-2014-3184.html https://www.redhat.com/security/data/cve/CVE-2014-3185.html https://www.redhat.com/security/data/cve/CVE-2014-4171.html https://www.redhat.com/security/data/cve/CVE-2014-5471.html https://www.redhat.com/security/data/cve/CVE-2014-5472.html https://www.redhat.com/security/data/cve/CVE-2014-6410.html https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFUKcEJXlSAg2UNWIIRAt5xAKDE6HYbCtRHan8geA0ycw2QadWrVACgqd86 QNVgU/7HTm5SvQhg6hhGtB8= =ggHn - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBVCn2oBLndAQH1ShLAQL/uw//VFljO+4DVDaUThSE/uWwXvBfDtwTc7U2 400y77TgcbLwpYmF47ILr79nGBE+dOUTSWOJZixwnlto7YE6B3KWyCP1NufPl95c q27QwPDjd+4E5MmfIyVXSsC8EkQxtOBviN6913c0ER++AVkwPG0utmL1qOYflVLg mcfH+O9nRB45omGkmjpue2+KaeG3apiUEbtsGHwm2VbgPqv74CIAJem+1gWLa1+n 8/2XIGznErdUuzxyMQ66Tg5zrCZq+F8T5HReVoK7pwAyfJm1Q5yVE8smmT4ujrSP qq4IJ2EgO+2C8Uiistlwsfh0cCeGVHfb7sZ5tG7Blx7CfEK7YL++GqtzB6fTjeYt iKzD2woYkOE7XSfQ7Xz18rSeAh17Ntid21/bN7XeKSSze/l5+y+p1tJG5sARht80 d1heWHheoaqs3bcTD+is2a/+PhqoBjn1cro1wqS6dAIKmmiatQ7Wvgm5d7BsfiCa +4IsTpd562rqzEk26A6UYBqqLfwGJTUaiC0xpRZNIsQ3TA4JOoImq4InBDu2IVdb O0g2VyZBFMNKkq+kcxyN8lJttUmxfbrKbC7U3Q4r9FywYO0HPFXl1VmL4+cbUhoX WN4Kbme5eIsp9d5BzCkEqWs31mVZI8fTnJxgIHzy6aD8L79Mvsv6qJz7fewlvAKj jfu/o4oMT4U= =HBrf -----END PGP SIGNATURE-----