English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.882752
Category:CentOS Local Security Checks
Title:CentOS Update for kernel CESA-2017:1723 centos6
Summary:Check the version of kernel
Description:Summary:
Check the version of kernel

Vulnerability Insight:
The kernel packages contain the Linux
kernel, the core of any Linux operating system.

Security Fix(es):

* The NFSv2 and NFSv3 server implementations in the Linux kernel through
4.10.13 lacked certain checks for the end of a buffer. A remote attacker
could trigger a pointer-arithmetic error or possibly cause other
unspecified impacts using crafted requests related to fs/nfsd/nfs3xdr.c and
fs/nfsd/nfsxdr.c. (CVE-2017-7895, Important)

Red Hat would like to thank Ari Kauppi for reporting this issue.

Bug Fix(es):

* If several file operations were started after a mounted NFS share had got
idle and its Transmission Control Protocol (TCP) connection had therefore
been terminated, these operations could cause multiple TCP SYN packets
coming from the NFS client instead of one. With this update, the
reconnection logic has been fixed, and only one TCP SYN packet is now sent
in the described situation. (BZ#1450850)

* When the ixgbe driver was loaded for a backplane-connected network card,
a kernel panic could occur, because the ops.setup_fc function pointer was
used before the initialization. With this update, ops.setup_fc is
initialized earlier. As a result, ixgbe no longer panics on load.
(BZ#1457347)

* When setting an Access Control List (ACL) with 190 and more Access
Control Entries (ACEs) on a NFSv4 directory, a kernel crash could
previously occur. This update fixes the nfs4_getfacl() function, and the
kernel no longer crashes under the described circumstances. (BZ#1449096)

* When upgrading to kernel with the fix for stack guard flaw, a crash could
occur in Java Virtual Machine (JVM) environments, which attempted to
implement their own stack guard page. With this update, the underlying
source code has been fixed to consider the PROT_NONE mapping as a part of
the stack, and the crash in JVM no longer occurs under the described
circumstances. (BZ#1466667)

* When a program receives IPv6 packets using the raw socket, the
ioctl(FIONREAD) and ioctl(SIOCINQ) functions can incorrectly return zero
waiting bytes. This update fixes the ip6_input_finish() function to check
the raw payload size properly. As a result, the ioctl() function now
returns bytes waiting in the raw socket correctly. (BZ#1450870)

* Previously, listing a directory on a non-standard XFS filesystem (with
non-default multi-fsb directory blocks) could lead to a soft lock up due to
array index overrun in the xfs_dir2_leaf_readbuf() function. This update
fixes xfs_dir2_leaf_readbuf(), and the soft lock up no longer occurs under
the described circumstances. (BZ#1445179)

* Previously, aborts from the array after the Storage Area Network (SAN ...

Description truncated, please see the referenced URL(s) for more information.

Affected Software/OS:
kernel on CentOS 6

Solution:
Please Install the Updated Packages.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2017-7895
BugTraq ID: 98085
http://www.securityfocus.com/bid/98085
Debian Security Information: DSA-3886 (Google Search)
http://www.debian.org/security/2017/dsa-3886
RedHat Security Advisories: RHSA-2017:1615
https://access.redhat.com/errata/RHSA-2017:1615
RedHat Security Advisories: RHSA-2017:1616
https://access.redhat.com/errata/RHSA-2017:1616
RedHat Security Advisories: RHSA-2017:1647
https://access.redhat.com/errata/RHSA-2017:1647
RedHat Security Advisories: RHSA-2017:1715
https://access.redhat.com/errata/RHSA-2017:1715
RedHat Security Advisories: RHSA-2017:1723
https://access.redhat.com/errata/RHSA-2017:1723
RedHat Security Advisories: RHSA-2017:1766
https://access.redhat.com/errata/RHSA-2017:1766
RedHat Security Advisories: RHSA-2017:1798
https://access.redhat.com/errata/RHSA-2017:1798
RedHat Security Advisories: RHSA-2017:2412
https://access.redhat.com/errata/RHSA-2017:2412
RedHat Security Advisories: RHSA-2017:2428
https://access.redhat.com/errata/RHSA-2017:2428
RedHat Security Advisories: RHSA-2017:2429
https://access.redhat.com/errata/RHSA-2017:2429
RedHat Security Advisories: RHSA-2017:2472
https://access.redhat.com/errata/RHSA-2017:2472
RedHat Security Advisories: RHSA-2017:2732
https://access.redhat.com/errata/RHSA-2017:2732
CopyrightCopyright (C) 2017 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.