CentOS Linux Kernel Update 2.6.32-504.1.3 Released

CentOS 6 Linux kernel 2.6.32-504.1.3 has recently been released. Update type(s): security, bug fix Resolved CVEs: CVE-2014-3185 CVE-2014-3611 CVE-2014-3645 CVE-2014-3646 * A race condition flaw was found in the way the Linux kernel's KVM subsystem handled PIT (Programmable Interval Timer) emulation. A guest user who has access to the PIT I/O ports could use this flaw to crash the host. (CVE-2014-3611, Important) * ...

Read More...

Criticical BASH vulnerability discovered – update BASH on your CentOS Linux server now!

Update #3 - Unsurprisingly with all the attention that BASH is now receiving, additional vulnerabilities (CVE-2014-7186 and CVE-2014-7187) have been discovered. They are currently unresolved. For a more detailed write-up, see: http://www.itnews.com.au/News/396256,further-flaws-render-shellshock-patch-ineffective.aspx - when there are updates available to resolve these issues, I will update this post.   Update #2 - A new BASH ...

Read More...

CentOS Linux Kernel Update 2.6.32-431.29.2 Released

CentOS 6 Linux kernel 2.6.32-431.29.2 has recently been released. Update type(s): security Resolved CVEs: CVE-2014-0205 CVE-2014-3535 CVE-2014-3917 CVE-2014-4667 * A flaw was found in the way the Linux kernel's futex subsystem handled reference counting when requeuing futexes during futex_wait(). A local, unprivileged user could use this flaw to zero out the reference counter of an inode or an mm struct that backs ...

Read More...

CentOS Linux Kernel Update 2.6.32-431.23.3 Released

CentOS 6 Linux kernel 2.6.32-431.23.3 has just been released. Update type(s): security, bug fix, enhancement Resolved CVEs: CVE-2012-6647 CVE-2013-7339 CVE-2014-2672 CVE-2014-2678 CVE-2014-2706 CVE-2014-2851 CVE-2014-3144 CVE-2014-3145 * A use-after-free flaw was found in the way the ping_init_sock() function of the Linux kernel handled the group_info reference counter. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. ...

Read More...

CentOS Linux Kernel Update 2.6.32-431.20.3 Released

CentOS Linux kernel 2.6.32-431.20.3 has just been released. Update type(s): security and bug fix Resolved CVEs: CVE-2013-6378 CVE-2014-0203 CVE-2014-1737 CVE-2014-1738 CVE-2014-1874 CVE-2014-2039 CVE-2014-3153 * A flaw was found in the way the Linux kernel's futex subsystem handledthe requeuing of certain Priority Inheritance (PI) futexes. A local,unprivileged user could use this flaw to escalate their privileges on thesystem. (CVE-2014-3153, Important)* A flaw was ...

Read More...

Another set of OpenSSL Bugs discovered. Upgrade OpenSSL on your CentOS Linux servers!

A new set of bugs have been identified and patched in OpenSSL. The following new bugs have been patched in the latest release of OpenSSL: CVE-2010-5298 - possible use of memory after free CVE-2014-0195 - buffer overflow via invalid DTLS fragment CVE-2014-0198 - possible NULL pointer dereference CVE-2014-0221 - DoS from invalid DTLS handshake ...

Read More...