CentOS Linux Kernel Update 2.6.32-504.1.3 Released

Posted by Curtis K in Administration, Announcements, CentOS 6, News, Security Nov, 11 2014 5 Comments

CentOS 6 Linux kernel 2.6.32-504.1.3 has recently been released.

Update type(s): security, bug fix

Resolved CVEs:

CVE-2014-3185
CVE-2014-3611
CVE-2014-3645
CVE-2014-3646

* A race condition flaw was found in the way the Linux kernel’s KVM
subsystem handled PIT (Programmable Interval Timer) emulation. A guest user
who has access to the PIT I/O ports could use this flaw to crash the host.
(CVE-2014-3611, Important)

* A memory corruption flaw was found in the way the USB ConnectTech
WhiteHEAT serial driver processed completion commands sent via USB Request
Blocks buffers. An attacker with physical access to the system could use
this flaw to crash the system or, potentially, escalate their privileges on
the system. (CVE-2014-3185, Moderate)

* It was found that the Linux kernel’s KVM subsystem did not handle the VM
exits gracefully for the invept (Invalidate Translations Derived from EPT)
and invvpid (Invalidate Translations Based on VPID) instructions. On hosts
with an Intel processor and invept/invppid VM exit support, an unprivileged
guest user could use these instructions to crash the guest. (CVE-2014-3645,
CVE-2014-3646, Moderate)

 

Full details can be found here.

Updating the Kernel

You can either initiate a full yum update:

yum update
Alternatively, just update the kernel packages:
yum update "kernel-*"

Note: As this update has just been released, your preferred CentOS yum mirror may not have the update yet. In this case. you may need to wait a few hours for the update to become available. Cached repo data can also prevent new updates from being found. To clear your yum cache, run:

yum clean all
Tags With:
Share This Post

About Author: Curtis K

Hi! My name is Curtis, and I am the author of CentOS Blog. Please feel free to comment with any suggestions, feedback or questions!