News Archives - Page 2 of 4

Critical QEMU Vulnerability – VENOM – affects Xen, KVM, VirtualBox, XenServer

Posted by Curtis K in Administration May, 14 2015 No Comments

What is the VENOM vulnerability? A new vulnerability, dubbed "VENOM" has been discovered, which exploits the virtual floppy drive code in QEMU. This vulnerability potentially allows an attacker to break out of their VM (guest) and gain privileged access to the Host machine, and its guest VMs. The official website, which contains ... Read More...

CentOS Linux Kernel Update 2.6.32-504.1.3 Released

Posted by Curtis K in Administration Nov, 11 2014 5 Comments

CentOS 6 Linux kernel 2.6.32-504.1.3 has recently been released. Update type(s): security, bug fix Resolved CVEs: CVE-2014-3185 CVE-2014-3611 CVE-2014-3645 CVE-2014-3646 * A race condition flaw was found in the way the Linux kernel's KVM subsystem handled PIT (Programmable Interval Timer) emulation. A guest user who has access to the PIT I/O ports could use this flaw to crash the host. (CVE-2014-3611, Important) * ... Read More...

CentOS Linux Kernel Update 2.6.32-431.29.2 Released

Posted by Curtis K in Administration Sep, 10 2014 No Comments

CentOS 6 Linux kernel 2.6.32-431.29.2 has recently been released. Update type(s): security Resolved CVEs: CVE-2014-0205 CVE-2014-3535 CVE-2014-3917 CVE-2014-4667 * A flaw was found in the way the Linux kernel's futex subsystem handled reference counting when requeuing futexes during futex_wait(). A local, unprivileged user could use this flaw to zero out the reference counter of an inode or an mm struct that backs ... Read More...

CentOS Linux Kernel Update 2.6.32-431.23.3 Released

Posted by Curtis K in Administration Aug, 01 2014 No Comments

CentOS 6 Linux kernel 2.6.32-431.23.3 has just been released. Update type(s): security, bug fix, enhancement Resolved CVEs: CVE-2012-6647 CVE-2013-7339 CVE-2014-2672 CVE-2014-2678 CVE-2014-2706 CVE-2014-2851 CVE-2014-3144 CVE-2014-3145 * A use-after-free flaw was found in the way the ping_init_sock() function of the Linux kernel handled the group_info reference counter. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. ... Read More...

CentOS Linux 7 Kernel Update 3.10.0-123.4.4 Released

Posted by Curtis K in Administration Jul, 26 2014 5 Comments

CentOS 7 Linux kernel 2.6.32-431.20.5 has just been released. Update type(s): security Resolved CVEs: CVE-2014-4699 CVE-2014-4943 * It was found that the Linux kernel's ptrace subsystem allowed a traced process' instruction pointer to be set to a non-canonical memory address without forcing the non-sysret code path when returning to user space. A local, unprivileged user could use this ... Read More...

CentOS Linux Kernel Update 2.6.32-431.20.5 Released

Posted by Curtis K in Administration Jul, 26 2014 No Comments

CentOS 6 Linux kernel 2.6.32-431.20.5 has just been released. Update type(s): security Resolved CVEs: CVE-2014-4699 CVE-2014-4943 * It was found that the Linux kernel's ptrace subsystem allowed a traced process' instruction pointer to be set to a non-canonical memory address without forcing the non-sysret code path when returning to user space. A local, unprivileged user could use this flaw to ... Read More...

News