CentOS Linux Kernel Update 2.6.32-431.20.3 Released

CentOS Linux kernel 2.6.32-431.20.3 has just been released. Update type(s): security and bug fix. Resolved CVEs: CVE-2013-6378, CVE-2014-0203, CVE-2014-1737, CVE-2014-1738, CVE-2014-1874, CVE-2014-2039, CVE-2014-3153.

* A flaw was found in the way the Linux kernel's futex subsystem handled the requeuing of certain Priority Inheritance (PI) futexes. A local, unprivileged user could use this flaw to escalate their privileges on the system. (CVE-2014-3153, Important)
* A flaw was ... Read More...

Another set of OpenSSL Bugs discovered. Upgrade OpenSSL on your CentOS Linux servers!

A new set of bugs has been identified and patched in OpenSSL. The following new bugs have been patched in the latest release of OpenSSL:

* CVE-2010-5298 - possible use of memory after free
* CVE-2014-0195 - buffer overflow via invalid DTLS fragment
* CVE-2014-0198 - possible NULL pointer dereference
* CVE-2014-0221 - DoS from invalid DTLS handshake ... Read More...

CentOS Linux Kernel Update 2.6.32-431.17.1 Released

CentOS Linux kernel 2.6.32-431.17.1 has just been released. Update type(s): security and bug fix. Resolved CVEs: CVE-2013-6383, CVE-2014-0077, CVE-2014-2523.

* A flaw was found in the way the Linux kernel's netfilter connection tracking implementation for Datagram Congestion Control Protocol (DCCP) packets used the skb_header_pointer() function. A remote attacker could use this flaw to send a specially crafted DCCP packet to crash ... Read More...

CentOS Linux Kernel Update 2.6.32-431.11.2 Released

CentOS Linux kernel 2.6.32-431.11.2 has just been released. Update type(s): security and bug fix. Resolved CVEs: CVE-2013-1860, CVE-2014-0055, CVE-2014-0069, CVE-2014-0101.

* A flaw was found in the way the get_rx_bufs() function in the vhost_net implementation in the Linux kernel handled error conditions reported by the vhost_get_vq_desc() function. A privileged guest user could use this flaw to crash the host. (CVE-2014-0055, Important)
* A ... Read More...

Bug in GnuTLS library discovered – allows attackers to bypass SSL trivially – update your GnuTLS now!

What is the GnuTLS bug?

Red Hat has discovered a bug in the GnuTLS (GNU Transport Layer Security) package that may allow attackers to trivially bypass SSL (CVE-2014-0092). RHEL, CentOS, Debian and other popular Linux distributions are susceptible to potential eavesdropping due to this bug.

What version of GnuTLS is affected?

At this ... Read More...