CentOS Linux Kernel Update 2.6.32-431.23.3 Released

Posted by Curtis K in Administration, Announcements, CentOS 6, News, Security Aug, 01 2014 No Comments

CentOS 6 Linux kernel 2.6.32-431.23.3 has just been released.

Update type(s): security, bug fix, enhancement

Resolved CVEs:

CVE-2012-6647
CVE-2013-7339
CVE-2014-2672
CVE-2014-2678
CVE-2014-2706
CVE-2014-2851
CVE-2014-3144
CVE-2014-3145

* A use-after-free flaw was found in the way the ping_init_sock() function
of the Linux kernel handled the group_info reference counter. A local,
unprivileged user could use this flaw to crash the system or, potentially,
escalate their privileges on the system. (CVE-2014-2851, Important)

* A NULL pointer dereference flaw was found in the way the
futex_wait_requeue_pi() function of the Linux kernel’s futex subsystem
handled the requeuing of certain Priority Inheritance (PI) futexes.
A local, unprivileged user could use this flaw to crash the system.
(CVE-2012-6647, Moderate)

* A NULL pointer dereference flaw was found in the rds_ib_laddr_check()
function in the Linux kernel’s implementation of Reliable Datagram Sockets
(RDS). A local, unprivileged user could use this flaw to crash the system.
(CVE-2013-7339, Moderate)

* It was found that a remote attacker could use a race condition flaw in
the ath_tx_aggr_sleep() function to crash the system by creating large
network traffic on the system’s Atheros 9k wireless network adapter.
(CVE-2014-2672, Moderate)

* A NULL pointer dereference flaw was found in the rds_iw_laddr_check()
function in the Linux kernel’s implementation of Reliable Datagram Sockets
(RDS). A local, unprivileged user could use this flaw to crash the system.
(CVE-2014-2678, Moderate)

* A race condition flaw was found in the way the Linux kernel’s mac80211
subsystem implementation handled synchronization between TX and STA wake-up
code paths. A remote attacker could use this flaw to crash the system.
(CVE-2014-2706, Moderate)

* An out-of-bounds memory access flaw was found in the Netlink Attribute
extension of the Berkeley Packet Filter (BPF) interpreter functionality in
the Linux kernel’s networking implementation. A local, unprivileged user
could use this flaw to crash the system or leak kernel memory to user space
via a specially crafted socket filter. (CVE-2014-3144, CVE-2014-3145,
Moderate)

 

Full details can be found here.

Updating the Kernel

You can either initiate a full yum update:

yum update
Alternatively, just update the kernel packages:
yum update "kernel-*"

As this update has just been released, your preferred CentOS yum mirror may not have the update yet. In this case. you may need to wait a few hours for the update to become available. Cached repo data can also prevent new updates from being found. To clear your yum cache, run:

yum clean all
Tags With:
Share This Post

About Author: Curtis K

Hi! My name is Curtis, and I am the author of CentOS Blog. Please feel free to comment with any suggestions, feedback or questions!