Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
  • Products & Services

    Products

    Support

    • Production Support
    • Development Support
    • Product Life Cycles

    Services

    • Consulting
    • Technical Account Management
    • Training & Certifications

    Documentation

    • Red Hat Enterprise Linux
    • Red Hat JBoss Enterprise Application Platform
    • Red Hat OpenStack Platform
    • Red Hat OpenShift Container Platform
    All Documentation

    Ecosystem Catalog

    • Red Hat Partner Ecosystem
    • Partner Resources
  • Tools

    Tools

    • Troubleshoot a product issue
    • Packages
    • Errata

    Customer Portal Labs

    • Configuration
    • Deployment
    • Security
    • Troubleshoot
    All labs

    Red Hat Insights

    Increase visibility into IT operations to detect and resolve technical issues before they impact your business.

    Learn More
    Go to Insights
  • Security

    Red Hat Product Security Center

    Engage with our Red Hat Product Security team, access security updates, and ensure your environments are not exposed to any known security vulnerabilities.

    Product Security Center

    Security Updates

    • Security Advisories
    • Red Hat CVE Database
    • Security Labs

    Keep your systems secure with Red Hat's specialized responses to security vulnerabilities.

    View Responses

    Resources

    • Security Blog
    • Security Measurement
    • Severity Ratings
    • Backporting Policies
    • Product Signing (GPG) Keys
  • Community

    Customer Portal Community

    • Discussions
    • Private Groups
    Community Activity

    Customer Events

    • Red Hat Convergence
    • Red Hat Summit

    Stories

    • Red Hat Subscription Value
    • You Asked. We Acted.
    • Open Source Communities
Or troubleshoot an issue.

Select Your Language

  • English
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Virtualization
  • Red Hat Identity Management
  • Red Hat Directory Server
  • Red Hat Certificate System
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Update Infrastructure
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat CloudForms
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Online
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat CodeReady Workspaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Thorntail
  • Red Hat build of Eclipse Vert.x
  • Red Hat build of OpenJDK
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Integration
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
  • Red Hat JBoss Data Virtualization
  • Red Hat Process Automation
  • Red Hat Process Automation Manager
  • Red Hat Decision Manager
All Products
Red Hat Product Errata RHSA-2014:1318 - Security Advisory
Issued:
2014-09-29
Updated:
2014-09-29

RHSA-2014:1318 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Moderate: Red Hat Enterprise MRG Realtime 2.5 security and enhancement update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated Red Hat Enterprise MRG Realtime packages that fix multiple security
issues and add one enhancement are now available for Red Hat Enterprise MRG
2.5.

Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

Description

Red Hat Enterprise MRG (Messaging, Realtime, and Grid) is a next-generation
IT infrastructure for enterprise computing. MRG offers increased
performance, reliability, interoperability, and faster computing for
enterprise customers.

MRG Realtime provides the highest levels of predictability for consistent
low-latency response times to meet the needs of time-sensitive workloads.
MRG Realtime also provides new levels of determinism by optimizing lengthy
kernel code paths to ensure that they do not become bottlenecks. This
allows for better prioritization of applications, resulting in consistent,
predictable response times for high-priority applications.

  • An out-of-bounds write flaw was found in the way the Apple Magic

Mouse/Trackpad multi-touch driver handled Human Interface Device (HID)
reports with an invalid size. An attacker with physical access to the
system could use this flaw to crash the system or, potentially, escalate
their privileges on the system. (CVE-2014-3181, Moderate)

  • A memory corruption flaw was found in the way the USB ConnectTech

WhiteHEAT serial driver processed completion commands sent via USB Request
Blocks buffers. An attacker with physical access to the system could use
this flaw to crash the system or, potentially, escalate their privileges on
the system. (CVE-2014-3185, Moderate)

  • A race condition flaw was found in the way the Linux kernel's mmap(2),

madvise(2), and fallocate(2) system calls interacted with each other while
operating on virtual memory file system files. A local user could use this
flaw to cause a denial of service. (CVE-2014-4171, Moderate)

  • A stack overflow flaw caused by infinite recursion was found in the way

the Linux kernel's Universal Disk Format (UDF) file system implementation
processed indirect Information Control Blocks (ICBs). An attacker with
physical access to the system could use a specially crafted UDF image to
crash the system. (CVE-2014-6410, Low)

  • An out-of-bounds read flaw was found in the way the Logitech Unifying

receiver driver handled HID reports with an invalid device_index value.
An attacker with physical access to the system could use this flaw to crash
the system or, potentially, escalate their privileges on the system.
(CVE-2014-3182, Low)

  • Multiple out-of-bounds write flaws were found in the way the Cherry

Cymotion keyboard driver, KYE/Genius device drivers, Logitech device
drivers, Monterey Genius KB29E keyboard driver, Petalynx Maxter remote
control driver, and Sunplus wireless desktop driver handled HID reports
with an invalid report descriptor size. An attacker with physical access to
the system could use either of these flaws to write data past an allocated
memory buffer. (CVE-2014-3184, Low)

  • It was found that the parse_rock_ridge_inode_internal() function of the

Linux kernel's ISOFS implementation did not correctly check relocated
directories when processing Rock Ridge child link (CL) tags. An attacker
with physical access to the system could use a specially crafted ISO image
to crash the system or, potentially, escalate their privileges on the
system. (CVE-2014-5471, CVE-2014-5472, Low)

This update also adds the following enhancement:

  • The Solarflare SFC9120 10GBE Ethernet NICs were not supported by the MRG

Realtime kernel. With this update, the drivers have been updated to enable
the Solarflare SFC9120 cards on the Realtime kernel. (BZ#1086945)

All Red Hat Enterprise MRG Realtime users are advised to upgrade to these
updated packages, which contain backported patches to correct these issues
and add this enhancement.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258

Affected Products

  • MRG Realtime 2 x86_64

Fixes

  • BZ - 1111180 - CVE-2014-4171 Kernel: mm/shmem: denial of service
  • BZ - 1134099 - CVE-2014-5471 CVE-2014-5472 kernel: isofs: unbound recursion when processing relocated directories
  • BZ - 1141173 - CVE-2014-3181 Kernel: HID: OOB write in magicmouse driver
  • BZ - 1141210 - CVE-2014-3182 Kernel: HID: logitech-dj OOB array access
  • BZ - 1141391 - CVE-2014-3184 Kernel: HID: off by one error in various _report_fixup routines
  • BZ - 1141400 - CVE-2014-3185 Kernel: USB serial: memory corruption flaw
  • BZ - 1141809 - CVE-2014-6410 kernel: udf: Avoid infinite loop when processing indirect ICBs

CVEs

  • CVE-2014-3181
  • CVE-2014-3182
  • CVE-2014-3184
  • CVE-2014-3185
  • CVE-2014-4171
  • CVE-2014-5471
  • CVE-2014-5472
  • CVE-2014-6410

References

  • http://www.redhat.com/security/updates/classification/#moderate
Note: More recent versions of these packages may be available. Click a package name for more details.

MRG Realtime 2

SRPM
kernel-rt-3.10.33-rt32.51.el6rt.src.rpm SHA-256: 21bc91238138de56b2eae5a7c14d5683462429dac28ba73eaaf0a814d8395630
x86_64
kernel-rt-3.10.33-rt32.51.el6rt.x86_64.rpm SHA-256: e5e550689291b5d0467e11458cec6399f5e955fee94d2d1c7311269417ba6f70
kernel-rt-debug-3.10.33-rt32.51.el6rt.x86_64.rpm SHA-256: 39256a793d9dd1b3c86056246a4aff0668634326e17c4c2451714e078b45508f
kernel-rt-debug-debuginfo-3.10.33-rt32.51.el6rt.x86_64.rpm SHA-256: 4ae4979fbb0d2dfc592a23fac4cb53470ca38295c1c855a5e50a504273512251
kernel-rt-debug-devel-3.10.33-rt32.51.el6rt.x86_64.rpm SHA-256: 0b3f9aeedc8d8b6380365cf7dd16f90403199ec90973170c29c98abe3e0e1baa
kernel-rt-debuginfo-3.10.33-rt32.51.el6rt.x86_64.rpm SHA-256: f263ccbb2f2326c7bbc70c876459ebacc3f1c2ab5a90a348456b4b2db4ab1b09
kernel-rt-debuginfo-common-x86_64-3.10.33-rt32.51.el6rt.x86_64.rpm SHA-256: f650d962d3e25183f434dd58596f7fd7765d7af5d11ecc337b6a83e67a7c79e0
kernel-rt-devel-3.10.33-rt32.51.el6rt.x86_64.rpm SHA-256: d1022e7f0286e8d06e9943d0adc64cf73fcd58066a6e057864604ca2f9ec4bbb
kernel-rt-doc-3.10.33-rt32.51.el6rt.noarch.rpm SHA-256: e4b6b246c88cd54184c17e86d8e3d22cde2e4e89624938573ca587d50a309c69
kernel-rt-firmware-3.10.33-rt32.51.el6rt.noarch.rpm SHA-256: 771ef6ebd1e02956b6e39f21f4e07237536d82dfa6dd64b30c39f5d8a8e0dcb5
kernel-rt-trace-3.10.33-rt32.51.el6rt.x86_64.rpm SHA-256: 5547b2f57409832ee40cda2785fc177c88c5003adc996960779d72f581b19950
kernel-rt-trace-debuginfo-3.10.33-rt32.51.el6rt.x86_64.rpm SHA-256: c9b79526767a562ee62589b2991d1d0e31efc2b110fc6d62f1b253a97bc229a3
kernel-rt-trace-devel-3.10.33-rt32.51.el6rt.x86_64.rpm SHA-256: 0c72d7af27c3583cad8cb0c65ac701074d0a9534e23c7428ec76a2d5852f11ea
kernel-rt-vanilla-3.10.33-rt32.51.el6rt.x86_64.rpm SHA-256: 3d4c8984e8724d62513450ae7a733918be309dd7a4dddc3d13f9621f0a2256b9
kernel-rt-vanilla-debuginfo-3.10.33-rt32.51.el6rt.x86_64.rpm SHA-256: f5420120794aa328f692654dffc8926da0223a0b8f0698363802911b8a0432f7
kernel-rt-vanilla-devel-3.10.33-rt32.51.el6rt.x86_64.rpm SHA-256: c772123b5aa90456c9d76e5184516816df4c6e0b3ef86a67344a69c0cbbab34e

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

About

  • Red Hat Subscription Value
  • About Red Hat
  • Red Hat Jobs
Copyright © 2022 Red Hat, Inc.
  • Privacy Statement
  • Customer Portal Terms of Use
  • All Policies and Guidelines
Red Hat Summit
Twitter