CentOS Linux Kernel Update 2.6.32-573.7.1 Released

CentOS 6 Linux kernel 2.6.32-573.7.1 has recently been released.
Update type(s): bugfix
Resolved CVEs: CVE-2015-5364 CVE-2015-5366
* When logging in as a user and trying to mount a share using the "cd" command, the UID and GID autofs additional variables previously took incorrect values, taking root UID and GID instead of user's UID and GID. The bug ...


CentOS Linux Kernel Update 2.6.32-573.3.1 Released

CentOS 6 Linux kernel 2.6.32-573.3.1 has recently been released.
Update type(s): security and bugfix
Resolved CVEs: CVE-2015-5364 CVE-2015-5366
* When removing a directory, and a reference was held to that directory by a reference to a negative child dentry, the directory dentry was previously not killed. In addition, once the negative child dentry was killed, an unlinked and unused ...


CentOS Linux Kernel Update 2.6.32-504.23.4 Released

CentOS 6 Linux kernel 2.6.32-504.16.2 was released on 09 June.
Update type(s): security, bugfix and enhancement
Resolved CVEs: CVE-2014-9419 CVE-2014-9420 CVE-2014-9585 CVE-2015-1805 CVE-2015-3331
* It was found that the Linux kernel's implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access operation, potentially resulting in ...


CentOS Linux Kernel Update 2.6.32-504.16.2 Released

CentOS 6 Linux kernel 2.6.32-504.16.2 was released on 22 April.
Update type(s): security
Resolved CVEs: CVE-2014-3215 CVE-2014-3690 CVE-2014-7825 CVE-2014-7826 CVE-2014-8171 CVE-2014-8884 CVE-2014-9529 CVE-2014-9584 CVE-2015-1421
* A flaw was found in the way seunshare, a utility for running executables under a different security context, used the capng_lock functionality of the libcap-ng library. The subsequent invocation of suid root binaries that relied on the fact that the setuid() ...


CentOS Linux Kernel Update 2.6.32-504.8.1 Released

CentOS 6 Linux kernel 2.6.32-504.8.1 has recently been released.
Update type(s): security, bug fix
Resolved CVEs: CVE-2014-4656 CVE-2014-7841
* A flaw was found in the way the Linux kernel's SCTP implementation validated INIT chunks when performing Address Configuration Change (ASCONF). A remote attacker could use this flaw to crash the system by sending a specially crafted SCTP packet to trigger ...


CentOS Linux Kernel Update 2.6.32-431.20.3 Released

CentOS Linux kernel 2.6.32-431.20.3 has just been released.
Update type(s): security and bug fix
Resolved CVEs: CVE-2013-6378 CVE-2014-0203 CVE-2014-1737 CVE-2014-1738 CVE-2014-1874 CVE-2014-2039 CVE-2014-3153
* A flaw was found in the way the Linux kernel's futex subsystem handled the requeuing of certain Priority Inheritance (PI) futexes. A local, unprivileged user could use this flaw to escalate their privileges on the system. (CVE-2014-3153, Important)
* A flaw was ...
