| Description: | Summary:
The remote host is missing an update for the 'kernel'
package(s) announced via the CESA-2019:2473 advisory.
Vulnerability Insight:
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
Security Fix(es):
* Kernel: page cache side channel attacks (CVE-2019-5489)
* kernel: Salsa20 encryption algorithm does not correctly handle
zero-length inputs allowing local attackers to cause denial-of-service
(CVE-2017-17805)
* kernel: Unprivileged users able to inspect kernel stacks of arbitrary
tasks (CVE-2018-17972)
* kernel: hw: Spectre SWAPGS gadget vulnerability (CVE-2019-1125)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Bug Fix(es):
* OOPS with Null Pointer exception in v4l2_ctrl_query_menu when second arg
of function is NULL (BZ#1647975)
* Another RHEL 6 hang in congestion_wait() (BZ#1658254)
* kernel crash after running user space script (BZ#1663262)
* RHEL-6.10: Don't report the use of retpoline on Skylake as vulnerable
(BZ#1666102)
* Bad pagetable: 000f *pdpt = 0000000000000000 *pde = 0000000000000000
RHEL 6 32bit (BZ#1702782)
* fs/binfmt_misc.c: do not allow offset overflow [6.10.z] (BZ#1710149)
* Wrong spectre backport causing linux headers to break compilation of 3rd
party packages (BZ#1722185)
Affected Software/OS:
'kernel' package(s) on CentOS 6.
Solution:
Please install the updated package(s).
CVSS Score:
7.2
CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
