The kernel-rt packages contain the Linux kernel, the core of any Linux
operating system.
A NULL pointer dereference flaw was found in the way the Linux kernel’s
Stream Control Transmission Protocol (SCTP) implementation handled
simultaneous connections between the same hosts. A remote attacker could
use this flaw to crash the system. (CVE-2014-5077, Important)
Multiple use-after-free flaws and an integer overflow flaw were found in
the way the Linux kernel’s Advanced Linux Sound Architecture (ALSA)
implementation handled user controls. A local, privileged user could use
either of these flaws to crash the system. (CVE-2014-4653, CVE-2014-4654,
CVE-2014-4655, CVE-2014-4656, Moderate)
An information leak flaw was found in the way the Linux kernel’s Advanced
Linux Sound Architecture (ALSA) implementation handled access of the user
control’s state. A local, privileged user could use this flaw to leak
kernel memory to user space. (CVE-2014-4652, Low)
This update also fixes the following bug:
Users are advised to upgrade to these updated packages, which upgrade the
kernel-rt kernel to version kernel-rt-3.10.33-rt32.45 and correct these
issues. The system must be rebooted for this update to take effect.