CentOS Linux Kernel Update 2.6.32-431.29.2 Released

CentOS 6 Linux kernel 2.6.32-431.29.2 has recently been released. Update type(s): security Resolved CVEs: CVE-2014-0205 CVE-2014-3535 CVE-2014-3917 CVE-2014-4667 * A flaw was found in the way the Linux kernel's futex subsystem handled reference counting when requeuing futexes during futex_wait(). A local, unprivileged user could use this flaw to zero out the reference counter of an inode or an mm struct that backs ... Read More...

CentOS Linux Kernel Update 2.6.32-431.23.3 Released

CentOS 6 Linux kernel 2.6.32-431.23.3 has just been released. Update type(s): security, bug fix, enhancement Resolved CVEs: CVE-2012-6647 CVE-2013-7339 CVE-2014-2672 CVE-2014-2678 CVE-2014-2706 CVE-2014-2851 CVE-2014-3144 CVE-2014-3145 * A use-after-free flaw was found in the way the ping_init_sock() function of the Linux kernel handled the group_info reference counter. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. ... Read More...

CentOS Linux Kernel Update 2.6.32-431.20.3 Released

CentOS Linux kernel 2.6.32-431.20.3 has just been released. Update type(s): security and bug fix Resolved CVEs: CVE-2013-6378 CVE-2014-0203 CVE-2014-1737 CVE-2014-1738 CVE-2014-1874 CVE-2014-2039 CVE-2014-3153 * A flaw was found in the way the Linux kernel's futex subsystem handledthe requeuing of certain Priority Inheritance (PI) futexes. A local,unprivileged user could use this flaw to escalate their privileges on thesystem. (CVE-2014-3153, Important)* A flaw was ... Read More...

Another set of OpenSSL Bugs discovered. Upgrade OpenSSL on your CentOS Linux servers!

A new set of bugs have been identified and patched in OpenSSL. The following new bugs have been patched in the latest release of OpenSSL: CVE-2010-5298 - possible use of memory after free CVE-2014-0195 - buffer overflow via invalid DTLS fragment CVE-2014-0198 - possible NULL pointer dereference CVE-2014-0221 - DoS from invalid DTLS handshake ... Read More...

CRITICAL OpenSSL Vulnerability “Heartbleed” in OpenSSL 1.0.1 to 1.0.1f – How to patch this bug on your CentOS system

Heartbleed Bug Summary A new bug in OpenSSL has been discovered that allows a remote attacker to access parts of memory on systems using vulnerable versions of OpenSSL (eg: HTTPS). This can allow an attacker to gain access to private keys, usernames, passwords and eavesdrop on encrypted traffic. For more information, ... Read More...

CentOS Linux Kernel Update 2.6.32-431.5.1 Released

CentOS Linux kernel 2.6.32-431.5.1 has just been released. Update type(s): security and bug fix Resolved CVEs: CVE-2013-2929 CVE-2013-6381 CVE-2013-7263 CVE-2013-7265 * A buffer overflow flaw was found in the way the qeth_snmp_command() function in the Linux kernel's QETH network device driver implementation handled SNMP IOCTL requests with an out-of-bounds length. A local, unprivileged user could use this flaw to crash the system ... Read More...