CentOS 6.6 has been released - read the CentOS 6.6 Release Notes here. To update CentOS, run the following command: Review the list of packages to be updated, and then accept when you are ready to upgrade to CentOS 6.6 To download the CentOS 6.6 ISOs - see our Downloads page. ... Read More...
Administration
Update #3 - Unsurprisingly with all the attention that BASH is now receiving, additional vulnerabilities (CVE-2014-7186 and CVE-2014-7187) have been discovered. They are currently unresolved. For a more detailed write-up, see: http://www.itnews.com.au/News/396256,further-flaws-render-shellshock-patch-ineffective.aspx - when there are updates available to resolve these issues, I will update this post. Update #2 - A new BASH ... Read More...
CentOS 6 Linux kernel 2.6.32-431.29.2 has recently been released. Update type(s): security Resolved CVEs: CVE-2014-0205 CVE-2014-3535 CVE-2014-3917 CVE-2014-4667 * A flaw was found in the way the Linux kernel's futex subsystem handled reference counting when requeuing futexes during futex_wait(). A local, unprivileged user could use this flaw to zero out the reference counter of an inode or an mm struct that backs ... Read More...
CentOS 6 Linux kernel 2.6.32-431.23.3 has just been released. Update type(s): security, bug fix, enhancement Resolved CVEs: CVE-2012-6647 CVE-2013-7339 CVE-2014-2672 CVE-2014-2678 CVE-2014-2706 CVE-2014-2851 CVE-2014-3144 CVE-2014-3145 * A use-after-free flaw was found in the way the ping_init_sock() function of the Linux kernel handled the group_info reference counter. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. ... Read More...
CentOS 7 Linux kernel 2.6.32-431.20.5 has just been released. Update type(s): security Resolved CVEs: CVE-2014-4699 CVE-2014-4943 * It was found that the Linux kernel's ptrace subsystem allowed a traced process' instruction pointer to be set to a non-canonical memory address without forcing the non-sysret code path when returning to user space. A local, unprivileged user could use this ... Read More...
CentOS 6 Linux kernel 2.6.32-431.20.5 has just been released. Update type(s): security Resolved CVEs: CVE-2014-4699 CVE-2014-4943 * It was found that the Linux kernel's ptrace subsystem allowed a traced process' instruction pointer to be set to a non-canonical memory address without forcing the non-sysret code path when returning to user space. A local, unprivileged user could use this flaw to ... Read More...