Test ID:	1.3.6.1.4.1.25623.1.0.882079
Category:	CentOS Local Security Checks
Title:	CentOS Update for kernel CESA-2014:1843 centos6
Summary:	Check the version of kernel
Description:	Summary: Check the version of kernel Vulnerability Insight: The kernel packages contain the Linux kernel, the core of any Linux operating system. * A race condition flaw was found in the way the Linux kernel's KVM subsystem handled PIT (Programmable Interval Timer) emulation. A guest user who has access to the PIT I/O ports could use this flaw to crash the host. (CVE-2014-3611, Important) * A memory corruption flaw was found in the way the USB ConnectTech WhiteHEAT serial driver processed completion commands sent via USB Request Blocks buffers. An attacker with physical access to the system could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-3185, Moderate) * It was found that the Linux kernel's KVM subsystem did not handle the VM exits gracefully for the invept (Invalidate Translations Derived from EPT) and invvpid (Invalidate Translations Based on VPID) instructions. On hosts with an Intel processor and invept/invppid VM exit support, an unprivileged guest user could use these instructions to crash the guest. (CVE-2014-3645, CVE-2014-3646, Moderate) Red Hat would like to thank Lars Bull of Google for reporting CVE-2014-3611, and the Advanced Threat Research team at Intel Security for reporting CVE-2014-3645 and CVE-2014-3646. This update also fixes the following bugs: * This update fixes several race conditions between PCI error recovery callbacks and potential calls of the ifup and ifdown commands in the tg3 driver. When triggered, these race conditions could cause a kernel crash. (BZ#1142570) * Previously, GFS2 failed to unmount a sub-mounted GFS2 file system if its parent was also a GFS2 file system. This problem has been fixed by adding the appropriate d_op- d_hash() routine call for the last component of the mount point path in the path name lookup mechanism code (namei). (BZ#1145193) * Due to previous changes in the virtio-net driver, a Red Hat Enterprise Linux 6.6 guest was unable to boot with the 'mgr_rxbuf=off' option specified. This was caused by providing the page_to_skb() function with an incorrect packet length in the driver's Rx path. This problem has been fixed and the guest in the described scenario can now boot successfully. (BZ#1148693) * When using one of the newer IPSec Authentication Header (AH) algorithms with Openswan, a kernel panic could occur. This happened because the maximum truncated ICV length was too small. To fix this problem, the MAX_AH_AUTH_LEN parameter has been set to 64. (BZ#1149083) * A bug in the IPMI driver caused the kernel to panic when an IPMI interface was removed using the hotmod script. The IPMI driver has been fixed to properly clean the relev ... Description truncated, please see the referenced URL(s) for more information. Affected Software/OS: kernel on CentOS 6 Solution: Please install the updated packages. CVSS Score: 6.9 CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2014-3185 BugTraq ID: 69781 http://www.securityfocus.com/bid/69781 https://code.google.com/p/google-security-research/issues/detail?id=98 http://www.openwall.com/lists/oss-security/2014/09/11/21 RedHat Security Advisories: RHSA-2014:1318 http://rhn.redhat.com/errata/RHSA-2014-1318.html RedHat Security Advisories: RHSA-2015:0284 http://rhn.redhat.com/errata/RHSA-2015-0284.html SuSE Security Announcement: SUSE-SU-2015:0481 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html SuSE Security Announcement: SUSE-SU-2015:0652 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html SuSE Security Announcement: SUSE-SU-2015:0812 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html SuSE Security Announcement: openSUSE-SU-2015:0566 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html http://www.ubuntu.com/usn/USN-2374-1 http://www.ubuntu.com/usn/USN-2375-1 http://www.ubuntu.com/usn/USN-2376-1 http://www.ubuntu.com/usn/USN-2377-1 http://www.ubuntu.com/usn/USN-2378-1 http://www.ubuntu.com/usn/USN-2379-1 Common Vulnerability Exposure (CVE) ID: CVE-2014-3611 DSA-3060 http://www.debian.org/security/2014/dsa-3060 RHSA-2015:0126 http://rhn.redhat.com/errata/RHSA-2015-0126.html RHSA-2015:0284 RHSA-2015:0869 http://rhn.redhat.com/errata/RHSA-2015-0869.html USN-2394-1 http://www.ubuntu.com/usn/USN-2394-1 USN-2417-1 http://www.ubuntu.com/usn/USN-2417-1 USN-2418-1 http://www.ubuntu.com/usn/USN-2418-1 USN-2491-1 http://www.ubuntu.com/usn/USN-2491-1 [oss-security] 20141024 kvm issues http://www.openwall.com/lists/oss-security/2014/10/24/9 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2febc839133280d5a5e8e1179c94ea674489dae2 https://bugzilla.redhat.com/show_bug.cgi?id=1144878 https://github.com/torvalds/linux/commit/2febc839133280d5a5e8e1179c94ea674489dae2 Common Vulnerability Exposure (CVE) ID: CVE-2014-3645 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=bfd0a56b90005f8c8a004baf407ad90045c2b11e https://bugzilla.redhat.com/show_bug.cgi?id=1144835 https://github.com/torvalds/linux/commit/bfd0a56b90005f8c8a004baf407ad90045c2b11e Common Vulnerability Exposure (CVE) ID: CVE-2014-3646 SUSE-SU-2015:0481 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a642fc305053cc1c6e47e4f4df327895747ab485 https://bugzilla.redhat.com/show_bug.cgi?id=1144825 https://github.com/torvalds/linux/commit/a642fc305053cc1c6e47e4f4df327895747ab485 openSUSE-SU-2015:0566
Copyright	Copyright (C) 2014 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.