 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.881093 |
| Category: | CentOS Local Security Checks |
| Title: | CentOS Update for kernel CESA-2012:0571 centos6 |
| Summary: | The remote host is missing an update for the 'kernel'; package(s) announced via the referenced advisory. |
| Description: | Summary: The remote host is missing an update for the 'kernel' package(s) announced via the referenced advisory. Vulnerability Insight: The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues: * A flaw was found in the way the Linux kernel's journal_unmap_buffer() function handled buffer head states. On systems that have an ext4 file system with a journal mounted, a local, unprivileged user could use this flaw to cause a denial of service. (CVE-2011-4086, Moderate) * A flaw was found in the way the KVM_CREATE_IRQCHIP ioctl was handled. Calling this ioctl when at least one virtual CPU (VCPU) already existed could lead to a NULL pointer dereference later when the VCPU is scheduled to run. A local, unprivileged user on a KVM host could use this flaw to crash the host. (CVE-2012-1601, Moderate) This update also fixes several bugs. Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section. Users should upgrade to these updated packages, which contain backported patches to correct these issues, and fix the bugs noted in the Technical Notes. The system must be rebooted for this update to take effect. Affected Software/OS: kernel on CentOS 6 Solution: Please install the updated packages. CVSS Score: 4.9 CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2011-4086 48898 http://secunia.com/advisories/48898 48964 http://secunia.com/advisories/48964 DSA-2469 http://www.debian.org/security/2012/dsa-2469 RHSA-2012:0571 http://rhn.redhat.com/errata/RHSA-2012-0571.html RHSA-2012:0670 http://rhn.redhat.com/errata/RHSA-2012-0670.html SUSE-SU-2012:0554 http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00021.html SUSE-SU-2012:0616 http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00013.html http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=15291164b22a357cb211b618adfef4fa82fc0de3 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.1 https://bugzilla.redhat.com/show_bug.cgi?id=749143 https://github.com/torvalds/linux/commit/15291164b22a357cb211b618adfef4fa82fc0de3 Common Vulnerability Exposure (CVE) ID: CVE-2012-1601 1026897 http://www.securitytracker.com/id?1026897 49928 http://secunia.com/advisories/49928 RHSA-2012:0676 http://rhn.redhat.com/errata/RHSA-2012-0676.html SUSE-SU-2012:1679 https://www.suse.com/support/update/announcement/2012/suse-su-20121679-1.html [oss-security] 20120329 Re: CVE request -- kernel: kvm: irqchip_in_kernel() and vcpu->arch.apic inconsistency http://www.openwall.com/lists/oss-security/2012/03/30/1 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.6 https://bugzilla.redhat.com/show_bug.cgi?id=808199 https://github.com/torvalds/linux/commit/9c895160d25a76c21b65bad141b08e8d4f99afef openSUSE-SU-2013:0925 http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html |
| Copyright | Copyright (C) 2012 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |