CentOS Linux Kernel Update 2.6.32-504.3.3 Released

CentOS 6 Linux kernel 2.6.32-504.3.3 has recently been released.

Update type(s): security, bug fix

Resolved CVEs:

CVE-2012-6657
CVE-2014-3673
CVE-2014-3687
CVE-2014-3688
CVE-2014-5471
CVE-2014-5472
CVE-2014-6410
CVE-2014-9322

* A flaw was found in the way the Linux kernel handled GS segment register
base switching when recovering from a #SS (stack segment) fault on an
erroneous return to user space. A local, unprivileged user could use this
flaw to escalate their privileges on the system. (CVE-2014-9322, Important)

* A flaw was found in the way the Linux kernel’s SCTP implementation
handled malformed or duplicate Address Configuration Change Chunks
(ASCONF). A remote attacker could use either of these flaws to crash the
system. (CVE-2014-3673, CVE-2014-3687, Important)

* A flaw was found in the way the Linux kernel’s SCTP implementation
handled the association’s output queue. A remote attacker could send
specially crafted packets that would cause the system to use an excessive
amount of memory, leading to a denial of service. (CVE-2014-3688,
Important)

* A stack overflow flaw caused by infinite recursion was found in the way
the Linux kernel’s UDF file system implementation processed indirect ICBs.
An attacker with physical access to the system could use a specially
crafted UDF image to crash the system. (CVE-2014-6410, Low)

* It was found that the Linux kernel’s networking implementation did not
correctly handle the setting of the keepalive socket option on raw sockets.
A local user able to create a raw socket could use this flaw to crash the
system. (CVE-2012-6657, Low)

* It was found that the parse_rock_ridge_inode_internal() function of the
Linux kernel’s ISOFS implementation did not correctly check relocated
directories when processing Rock Ridge child link (CL) tags. An attacker
with physical access to the system could use a specially crafted ISO image
to crash the system or, potentially, escalate their privileges on the
system. (CVE-2014-5471, CVE-2014-5472, Low)

Full details can be found here.

Updating the Kernel

You can either initiate a full yum update:

yum update

Alternatively, just update the kernel packages:

yum update "kernel-*"

Cached repo data can also prevent new updates from being found. To clear your yum cache, run:

yum clean all
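
After the update, the new kernel only takes effect once the host has booted into it. The script below is an added example, not part of the original post: it classifies a host as patched, reboot-required or update-required against the 2.6.32-504.3.3 build. The function names are hypothetical and the field-by-field numeric comparison is a simplification of rpm's own version ordering.

```sh
#!/bin/sh
# Added example (not from the original post): classify a CentOS 6 host
# against the fixed kernel build named in this announcement.
FIXED="2.6.32-504.3.3"

# Strip the dist/arch suffix: 2.6.32-504.3.3.el6.x86_64 -> 2.6.32-504.3.3
kernel_base() { printf '%s\n' "${1%%.el[0-9]*}"; }

# ver_ge A B: succeed if version A >= version B, comparing the numeric
# fields left to right; fields missing from A count as 0.
ver_ge() {
    a=$(printf '%s' "$1" | tr '.-' '  ')
    b=$(printf '%s' "$2" | tr '.-' '  ')
    set -- $a
    for want in $b; do
        have=${1:-0}
        [ "$have" -gt "$want" ] && return 0
        [ "$have" -lt "$want" ] && return 1
        if [ $# -gt 0 ]; then shift; fi
    done
    return 0
}

# kernel_status RUNNING [INSTALLED...]
# Prints one of: patched | reboot-required | update-required
kernel_status() {
    running=$1; shift
    if ver_ge "$(kernel_base "$running")" "$FIXED"; then
        echo patched; return
    fi
    for pkg in "$@"; do
        if ver_ge "$(kernel_base "$pkg")" "$FIXED"; then
            echo reboot-required; return
        fi
    done
    echo update-required
}

# On a live host:
#   kernel_status "$(uname -r)" $(rpm -q --qf '%{VERSION}-%{RELEASE}\n' kernel)
# Constructed sample: fixed package installed, older kernel still running.
kernel_status 2.6.32-504.1.3.el6.x86_64 2.6.32-504.1.3.el6 2.6.32-504.3.3.el6
```

A result of reboot-required means the fixed package is on disk but the vulnerable kernel is still the one executing.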

About Author: Curtis K

Hi! My name is Curtis, and I am the creator of CentOS Blog. Please feel free to comment any suggestions, feedback or questions on my posts!