CentOS Linux Kernel Update 2.6.32-431.17.1 Released

CentOS Linux kernel 2.6.32-431.17.1 has just been released.
Update type(s): security and bug fix
Resolved CVEs: CVE-2013-6383, CVE-2014-0077, CVE-2014-2523
* A flaw was found in the way the Linux kernel's netfilter connection tracking implementation for Datagram Congestion Control Protocol (DCCP) packets used the skb_header_pointer() function. A remote attacker could use this flaw to send a specially crafted DCCP packet to crash ...

CRITICAL OpenSSL Vulnerability “Heartbleed” in OpenSSL 1.0.1 to 1.0.1f – How to patch this bug on your CentOS system

Heartbleed Bug Summary
A new bug in OpenSSL has been discovered that allows a remote attacker to access parts of memory on systems using vulnerable versions of OpenSSL (e.g. HTTPS). This can allow an attacker to gain access to private keys, usernames and passwords, and to eavesdrop on encrypted traffic. For more information, ...

CentOS Linux Kernel Update 2.6.32-431.11.2 Released

CentOS Linux kernel 2.6.32-431.11.2 has just been released.
Update type(s): security and bug fix
Resolved CVEs: CVE-2013-1860, CVE-2014-0055, CVE-2014-0069, CVE-2014-0101
* A flaw was found in the way the get_rx_bufs() function in the vhost_net implementation in the Linux kernel handled error conditions reported by the vhost_get_vq_desc() function. A privileged guest user could use this flaw to crash the host. (CVE-2014-0055, Important)
* A ...

Bug in GnuTLS library discovered – allows attackers to bypass SSL trivially – update your GnuTLS now!

What is the GnuTLS bug?
Red Hat has discovered a bug in the GnuTLS (GNU Transport Layer Security) package that may allow attackers to trivially bypass SSL (CVE-2014-0092). RHEL, CentOS, Debian and other popular Linux distributions are susceptible to potential eavesdropping due to this bug.
What version of GnuTLS is affected?
At this ...

CentOS Linux Kernel Update 2.6.32-431.5.1 Released

CentOS Linux kernel 2.6.32-431.5.1 has just been released.
Update type(s): security and bug fix
Resolved CVEs: CVE-2013-2929, CVE-2013-6381, CVE-2013-7263, CVE-2013-7265
* A buffer overflow flaw was found in the way the qeth_snmp_command() function in the Linux kernel's QETH network device driver implementation handled SNMP IOCTL requests with an out-of-bounds length. A local, unprivileged user could use this flaw to crash the system ...