Koozali.org: home of the SME Server

Security Update - Moderate - RH EL5 - Kernel package

Offline TerryF

  • grumpy old man
  • *
  • 1,821
  • +6/-0
Security Update - Moderate - RH EL5 - Kernel package
« on: December 04, 2014, 10:50:36 PM »
Red Hat has released a security update for EL5 that will apply
to SME8.1

Update will be available from upstream repos as appropriate.

For full notice go to: https://rhn.redhat.com/errata/RHSA-2014-1959.html

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: kernel security and bug fix update
Advisory ID:       RHSA-2014:1959-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2014-1959.html
Issue date:        2014-12-04
CVE Names:         CVE-2014-0181
=====================================================================

1. Summary:

Updated kernel packages that fix one security issue and three bugs are now
available for Red Hat Enterprise Linux 5.

Red Hat Product Security has rated this update as having Moderate security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* It was found that the permission checks performed by the Linux kernel
when a netlink message was received were not sufficient. A local,
unprivileged user could potentially bypass these restrictions by passing a
netlink socket as stdout or stderr to a more privileged process and
altering the output of this process. (CVE-2014-0181, Moderate)
--
qui scribit bis legit