User login
Qlustar: Install and enjoy!

[QSA-0316151] Linux kernel vulnerabilities

Qlustar Security Advisory 0316151

March 16, 2015


Summary:

The system could crash or be made to run programs as an administrator.


Package(s)       : linux-image-ql-generic,
    qlustar-module-core-trusty-amd64-9.0.1,
    qlustar-module-core-wheezy-amd64-9.0.1,
    qlustar-module-core-precise-amd64-8.1.2,
    qlustar-module-core-wheezy-amd64-8.1.2
Qlustar releases : 9.0, 8.1
Affected versions: All versions prior to this update
Vulnerability    : privilege escalation/denial of service
Problem type     : local
Qlustar-specific : no
CVE Id(s)        : CVE-2015-1573, CVE-2015-1421, CVE-2015-1465,
    CVE-2014-9090, CVE-2014-8159, CVE-2014-8133, CVE-2014-8559

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problem:

CVE-2015-1573

A flaw was found in the nft_flush_table function in the Linux kernel netfilter tables implementation. The kernel would panic if it was commanded to flush rules referencing chains that had already been deleted. A local attacker with the CAP_NET_ADMIN capability could use this to panic (denial of service) a system if they were able to flush an effected chain.

CVE-2015-1421

An use after free flaw was found in the Linux kernel SCTP implementation handled auth keys reference counting during INIT collisions. A remote user could use this flaw to crash the system or, though unlikely, escalate their privileges on the system.

CVE-2015-1465

It was found that routing packets to too many different dsts/too fast can lead to a excessive resource consumption. A remote attacker can use this flaw to crash the system.

CVE-2014-9090

The do_double_fault function in arch/x86/kernel/traps.c does not properly handle faults associated with the Stack Segment (SS) segment register when espfix64 is involved, which allows local users to cause a denial of service (panic) via a modify_ldt system call, as demonstrated by sigreturn_32 in the linux-clock-tests test suite.

CVE-2014-8159

It was discovered that the Linux kernel's Infiniband subsystem did not properly sanitize its input parameters while registering memory regions from userspace. A local user could exploit this flaw to cause a denial of service (system crash) or to potentially gain administrative privileges.

CVE-2014-8133

Andy Lutomirski discovered an information leak in the Linux kernel's Thread Local Storage (TLS) implementation allowing users to bypass the espfix to obtain information that could be used to bypass the Address Space Layout Randomization (ASLR) protection mechanism. A local user could exploit this flaw to obtain potentially sensitive information from kernel memory.

CVE-2014-8559

A flaw was discovered with file renaming in the linux kernel. A local user could exploit this flaw to cause a denial of service (deadlock and system hang).

Update instructions:

The problem can be corrected by updating your system to the following or more recent package versions (follow the Qlustar Update Guide):

linux-image-ql-generic                     3.12.38-ql-generic-50
qlustar-module-core-trusty-amd64-9.0.1     9.0.1.0-b448f960
qlustar-module-core-wheezy-amd64-9.0.1     9.0.1.0-b448f960
qlustar-module-core-precise-amd64-8.1.2    8.1.2.7-b440f961
qlustar-module-core-wheezy-amd64-8.1.2     8.1.2.7-b440f961
glqxz9283 sfy39587stf02 mnesdcuix8
sfy39587stf03
sfy39587p08