Security update, RHSA-2014:1392-2
Update to 2.6.32-504 (the latest upstream version at the time of writing).
Fixes the following issues:
* CVE-2014-4699: x86_64: ptrace: sysret to non-canonical address (impact: important, local privilege escalation/DoS)
* CVE-2014-0205: futex: refcount issue in case of requeue (impact: important, local privilege escalation)
* CVE-2014-3153: futex: pi futexes requeue issue (impact: important, local privilege escalation)
* CVE-2014-2851: net: ping: refcount issue in ping_init_sock() function (impact: important, local privilege escalation/DoS)
* CVE-2014-4943: net: pppol2tp: level handling in pppol2tp_[s,g]etsockopt() (impact: important)
* CVE-2014-3535: net: NULL pointer dereference over VxLAN (impact: important, remote DoS)
* CVE-2014-1737: block: floppy: privilege escalation via FDRAWCMD floppy ioctl command (impact: important)
* CVE-2014-1738: block: floppy: privilege escalation via FDRAWCMD floppy ioctl command (impact: important)
* CVE-2013-2596: integer overflow in fb_mmap (impact: important)
* CVE-2014-5077: net: SCTP: fix a NULL pointer dereference during INIT collisions (impact: important)
* CVE-2012-6647: futex: forbid uaddr == uaddr2 in futex_wait_requeue_pi() (impact: moderate, local DoS)
* CVE-2013-4483: ipc: ipc_rcu_putref refcount races (impact: moderate)
* CVE-2013-7339: net: rds: dereference of a NULL device in rds_ib_laddr_check() (impact: moderate)
* CVE-2014-0181: net: insufficient permision checks of netlink messages (impact: moderate)
* CVE-2014-0203: fs: slab corruption due to the invalid last component type during do_filp_open() (impact: moderate)
* CVE-2014-2039: s390: crash due to linkage stack instructions (impact: moderate)
* CVE-2014-2672: net: ath9k: tid->sched race in ath_tx_aggr_sleep() (impact: moderate)
* CVE-2014-2678: net: rds: dereference of a NULL device in rds_iw_laddr_check() (impact: moderate, local DoS)
* CVE-2014-2706: net: mac80211: crash dues to AP powersave TX vs. wakeup race (impact: moderate)
* CVE-2014-3122: mm: try_to_unmap_cluster() should lock_page() before mlocking (impact: moderate)
* CVE-2014-3144: filter: prevent nla extensions to peek beyond the end of the message (impact: moderate)
* CVE-2014-3145: filter: prevent nla extensions to peek beyond the end of the message (impact: moderate)
* CVE-2014-3601: kvm: invalid parameter passing in kvm_iommu_map_pages() (impact: moderate)
* CVE-2014-3917: DoS with syscall auditing (impact: moderate, local DoS)
* CVE-2014-4653: ALSA: control: do not access controls outside of protected regions (impact: moderate)
* CVE-2014-4654: ALSA: control: use-after-free in replacing user controls (impact: moderate)
* CVE-2014-4655: ALSA: control: use-after-free in replacing user controls (impact: moderate)
* CVE-2014-4667: net: sctp: sk_ack_backlog wrap-around problem (impact: moderate)
* CVE-2014-5045: vfs: refcount issues during unmount on symlink (impact: moderate)
* CVE-2014-1874: SELinux: local denial-of-service (requires CAP_MAC_ADMIN) (impact: low)
* CVE-2013-6378: drivers: libertas: potential oops in debugfs (impact: low)
* CVE-2014-4608: lzo1x_decompress_safe() integer overflow (impact: low)
Related-bug: #
1381386
Related-bug: #
1334769
Change-Id: Iccc4340230059369b0893ca5443553dff9361d02
Code Review / packages / centos6 / kernel.git / commit