CentOS Linux Kernel Update 2.6.32-504.16.2 Released

CentOS 6 Linux kernel 2.6.32-504.16.2 was released on 22 April. Update type(s): security Resolved CVEs: CVE-2014-3215 CVE-2014-3690 CVE-2014-7825 CVE-2014-7826 CVE-2014-8171 CVE-2014-8884 CVE-2014-9529 CVE-2014-9584 CVE-2015-1421 * A flaw was found in the way seunshare, a utility for running executables under a different security context, used the capng_lock functionality of the libcap-ng library. The subsequent invocation of suid root binaries that relied on the fact that the setuid() ... Read More...

CentOS Linux Kernel Update 2.6.32-504.8.1 Released

CentOS 6 Linux kernel 2.6.32-504.8.1 has recently been released. Update type(s): security, bug fix Resolved CVEs: CVE-2014-4656 CVE-2014-7841 * A flaw was found in the way the Linux kernel's SCTP implementation validated INIT chunks when performing Address Configuration Change (ASCONF). A remote attacker could use this flaw to crash the system by sending a specially crafted SCTP packet to trigger ... Read More...

CentOS Linux Kernel Update 2.6.32-504.3.3 Released

CentOS 6 Linux kernel 2.6.32-504.3.3 has recently been released. Update type(s): security, bug fix Resolved CVEs: CVE-2012-6657 CVE-2014-3673 CVE-2014-3687 CVE-2014-3688 CVE-2014-5471 CVE-2014-5472 CVE-2014-6410 CVE-2014-9322 * A flaw was found in the way the Linux kernel handled GS segment register base switching when recovering from a #SS (stack segment) fault on an erroneous return to user space. A local, unprivileged user could use this flaw to escalate ... Read More...

CentOS Linux Kernel Update 2.6.32-504.1.3 Released

CentOS 6 Linux kernel 2.6.32-504.1.3 has recently been released. Update type(s): security, bug fix Resolved CVEs: CVE-2014-3185 CVE-2014-3611 CVE-2014-3645 CVE-2014-3646 * A race condition flaw was found in the way the Linux kernel's KVM subsystem handled PIT (Programmable Interval Timer) emulation. A guest user who has access to the PIT I/O ports could use this flaw to crash the host. (CVE-2014-3611, Important) * ... Read More...

Criticical BASH vulnerability discovered – update BASH on your CentOS Linux server now!

Update #3 - Unsurprisingly with all the attention that BASH is now receiving, additional vulnerabilities (CVE-2014-7186 and CVE-2014-7187) have been discovered. They are currently unresolved. For a more detailed write-up, see: http://www.itnews.com.au/News/396256,further-flaws-render-shellshock-patch-ineffective.aspx - when there are updates available to resolve these issues, I will update this post.   Update #2 - A new BASH ... Read More...