CentOS Local Security Checks : CentOS Update for kernel CESA-2017:2863 centos6

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 146377 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.882783

Kategorie: CentOS Local Security Checks

Titel: CentOS Update for kernel CESA-2017:2863 centos6

Zusammenfassung: Check the version of kernel

Beschreibung: Summary:
Check the version of kernel

Vulnerability Insight:
The kernel packages contain the Linux
kernel, the core of any Linux operating system.

Security Fix(es):

* Kernel memory corruption due to a buffer overflow was found in
brcmf_cfg80211_mgmt_tx() function in Linux kernels from v3.9-rc1 to
v4.13-rc1. The vulnerability can be triggered by sending a crafted
NL80211_CMD_FRAME packet via netlink. This flaw is unlikely to be triggered
remotely as certain userspace code is needed for this. An unprivileged
local user could use this flaw to induce kernel memory corruption on the
system, leading to a crash. Due to the nature of the flaw, privilege
escalation cannot be fully ruled out, although it is unlikely.
(CVE-2017-7541, Moderate)

Bug Fix(es):

* Previously, removal of a rport during ISCSI target scanning could cause a
kernel panic. This was happening because addition of STARGET_REMOVE to the
rport state introduced a race condition to the SCSI code. This update adds
the STARGET_CREATED_REMOVE state as a possible state of the rport and
appropriate handling of that state, thus fixing the bug. As a result, the
kernel panic no longer occurs under the described circumstances.
(BZ#1472127)

* Previously, GFS2 contained multiple bugs where the wrong inode was
assigned to GFS2 cluster-wide locks (glocks), or the assigned inode was
cleared incorrectly. Consequently, kernel panic could occur when using
GFS2. With this update, GFS2 has been fixed, and the kernel no longer
panics due to those bugs. (BZ#1479397)

* Previously, VMs with memory larger than 64GB running on Hyper-V with
Windows Server hosts reported potential memory size of 4TB and more, but
could not use more than 64GB. This was happening because the Memory Type
Range Register (MTRR) for memory above 64GB was omitted. With this update,
the /proc/mtrr file has been fixed to show correct base/size if they are
more than 44 bit wide. As a result, the whole size of memory is now
available as expected under the described circumstances. (BZ#1482855)

Affected Software/OS:
kernel on CentOS 6

Solution:
Please Install the Updated Packages.

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2017-7541
1038981
http://www.securitytracker.com/id/1038981
99955
http://www.securityfocus.com/bid/99955
DSA-3927
http://www.debian.org/security/2017/dsa-3927
DSA-3945
http://www.debian.org/security/2017/dsa-3945
RHSA-2017:2863
https://access.redhat.com/errata/RHSA-2017:2863
RHSA-2017:2918
https://access.redhat.com/errata/RHSA-2017:2918
RHSA-2017:2930
https://access.redhat.com/errata/RHSA-2017:2930
RHSA-2017:2931
https://access.redhat.com/errata/RHSA-2017:2931
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8f44c9a41386729fea410e688959ddaa9d51be7c
http://openwall.com/lists/oss-security/2017/07/24/2
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.3
https://bugzilla.novell.com/show_bug.cgi?id=1049645
https://bugzilla.redhat.com/show_bug.cgi?id=1473198
https://github.com/torvalds/linux/commit/8f44c9a41386729fea410e688959ddaa9d51be7c
https://source.android.com/security/bulletin/2017-11-01
https://www.spinics.net/lists/stable/msg180994.html

Copyright Copyright (C) 2017 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.882783
Kategorie:	CentOS Local Security Checks
Titel:	CentOS Update for kernel CESA-2017:2863 centos6
Zusammenfassung:	Check the version of kernel
Beschreibung:	Summary: Check the version of kernel Vulnerability Insight: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * Kernel memory corruption due to a buffer overflow was found in brcmf_cfg80211_mgmt_tx() function in Linux kernels from v3.9-rc1 to v4.13-rc1. The vulnerability can be triggered by sending a crafted NL80211_CMD_FRAME packet via netlink. This flaw is unlikely to be triggered remotely as certain userspace code is needed for this. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is unlikely. (CVE-2017-7541, Moderate) Bug Fix(es): * Previously, removal of a rport during ISCSI target scanning could cause a kernel panic. This was happening because addition of STARGET_REMOVE to the rport state introduced a race condition to the SCSI code. This update adds the STARGET_CREATED_REMOVE state as a possible state of the rport and appropriate handling of that state, thus fixing the bug. As a result, the kernel panic no longer occurs under the described circumstances. (BZ#1472127) * Previously, GFS2 contained multiple bugs where the wrong inode was assigned to GFS2 cluster-wide locks (glocks), or the assigned inode was cleared incorrectly. Consequently, kernel panic could occur when using GFS2. With this update, GFS2 has been fixed, and the kernel no longer panics due to those bugs. (BZ#1479397) * Previously, VMs with memory larger than 64GB running on Hyper-V with Windows Server hosts reported potential memory size of 4TB and more, but could not use more than 64GB. This was happening because the Memory Type Range Register (MTRR) for memory above 64GB was omitted. With this update, the /proc/mtrr file has been fixed to show correct base/size if they are more than 44 bit wide. As a result, the whole size of memory is now available as expected under the described circumstances. (BZ#1482855) Affected Software/OS: kernel on CentOS 6 Solution: Please Install the Updated Packages. CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2017-7541 1038981 http://www.securitytracker.com/id/1038981 99955 http://www.securityfocus.com/bid/99955 DSA-3927 http://www.debian.org/security/2017/dsa-3927 DSA-3945 http://www.debian.org/security/2017/dsa-3945 RHSA-2017:2863 https://access.redhat.com/errata/RHSA-2017:2863 RHSA-2017:2918 https://access.redhat.com/errata/RHSA-2017:2918 RHSA-2017:2930 https://access.redhat.com/errata/RHSA-2017:2930 RHSA-2017:2931 https://access.redhat.com/errata/RHSA-2017:2931 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8f44c9a41386729fea410e688959ddaa9d51be7c http://openwall.com/lists/oss-security/2017/07/24/2 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.3 https://bugzilla.novell.com/show_bug.cgi?id=1049645 https://bugzilla.redhat.com/show_bug.cgi?id=1473198 https://github.com/torvalds/linux/commit/8f44c9a41386729fea410e688959ddaa9d51be7c https://source.android.com/security/bulletin/2017-11-01 https://www.spinics.net/lists/stable/msg180994.html
Copyright	Copyright (C) 2017 Greenbone AG