ID de Prueba:	1.3.6.1.4.1.25623.1.0.882110
Categoría:	CentOS Local Security Checks
Título:	CentOS Update for kernel CESA-2015:0087 centos6
Resumen:	Check the version of kernel
Descripción:	Summary: Check the version of kernel Vulnerability Insight: The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel's SCTP implementation validated INIT chunks when performing Address Configuration Change (ASCONF). A remote attacker could use this flaw to crash the system by sending a specially crafted SCTP packet to trigger a NULL pointer dereference on the system. (CVE-2014-7841, Important) * An integer overflow flaw was found in the way the Linux kernel's Advanced Linux Sound Architecture (ALSA) implementation handled user controls. A local, privileged user could use this flaw to crash the system. (CVE-2014-4656, Moderate) The CVE-2014-7841 issue was discovered by Liu Wei of Red Hat. This update also fixes several bugs. Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section. All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect. Affected Software/OS: kernel on CentOS 6 Solution: Please install the updated packages. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-4656 http://www.openwall.com/lists/oss-security/2014/06/26/6 RedHat Security Advisories: RHSA-2014:1083 http://rhn.redhat.com/errata/RHSA-2014-1083.html RedHat Security Advisories: RHSA-2015:0087 http://rhn.redhat.com/errata/RHSA-2015-0087.html http://www.securitytracker.com/id/1038201 http://secunia.com/advisories/59434 http://secunia.com/advisories/59777 http://secunia.com/advisories/60545 http://secunia.com/advisories/60564 SuSE Security Announcement: SUSE-SU-2015:0812 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html http://www.ubuntu.com/usn/USN-2334-1 http://www.ubuntu.com/usn/USN-2335-1 Common Vulnerability Exposure (CVE) ID: CVE-2014-7841 62305 http://secunia.com/advisories/62305 62597 http://secunia.com/advisories/62597 62735 http://secunia.com/advisories/62735 71081 http://www.securityfocus.com/bid/71081 DSA-3093 http://www.debian.org/security/2014/dsa-3093 RHSA-2015:0087 RHSA-2015:0102 http://rhn.redhat.com/errata/RHSA-2015-0102.html RHSA-2015:0284 http://rhn.redhat.com/errata/RHSA-2015-0284.html RHSA-2015:0285 http://rhn.redhat.com/errata/RHSA-2015-0285.html RHSA-2015:0695 http://rhn.redhat.com/errata/RHSA-2015-0695.html SUSE-SU-2015:0481 http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html SUSE-SU-2015:0529 http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00020.html SUSE-SU-2015:0652 http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html [oss-security] 20141113 CVE-2014-7841 Linux kernel: net: sctp: NULL pointer dereference in af->from_addr_param on malformed packet http://www.openwall.com/lists/oss-security/2014/11/13/6 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e40607cbe270a9e8360907cb1e62ddf0736e4864 http://linux.oracle.com/errata/ELSA-2015-3004.html http://linux.oracle.com/errata/ELSA-2015-3005.html http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.4 https://bugzilla.redhat.com/show_bug.cgi?id=1163087 https://github.com/torvalds/linux/commit/e40607cbe270a9e8360907cb1e62ddf0736e4864 https://support.f5.com/kb/en-us/solutions/public/16000/000/sol16016.html openSUSE-SU-2015:0566 http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html
Copyright	Copyright (C) 2015 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.