
Fix for CVE-2014-3153 vulnerability: new kernels 2.6.32-531.17.1.lve1.2.57 for CL6 & Hybrid

The new CL6 and hybrid kernels 2.6.32-531.17.1.lve1.2.57 fix the local vulnerability CVE-2014-3153.
We will provide more details on the exploit itself once it is published to the general public by the MITRE CVE Dictionary.

CL5 kernels are not vulnerable.

To update CL6 servers:
$ yum install kernel-2.6.32-531.17.1.lve1.2.57.el6 kmod-lve-1.2-61.el6

To update hybrid servers:
$ yum install kernel-2.6.32-531.17.1.lve1.2.57.el5h kmod-lve-1.2-61.el5h

Reboot afterwards to load the new kernel.

KernelCare customers should be secured already by a patch released about 14 hours ago.
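
To confirm after the update that a CL6 or hybrid server is actually running the fixed build, the check below compares kernel release strings against the version named in this post and flags a pending reboot. It is an added example, not CloudLinux's own tooling; the function names are hypothetical and it assumes GNU `sort -V` for version ordering.

```shell
#!/bin/sh
# Added example: post-update check for CL6 and hybrid servers.
# FIXED is the kernel build named in this announcement.
FIXED="2.6.32-531.17.1.lve1.2.57"

# Drop the dist tag (.el6, .el5h) and everything after it (architecture).
strip_dist() {
    printf '%s\n' "$1" | sed 's/\.el[0-9].*$//'
}

# Succeeds when kernel release $1 is the fixed build or newer.
# If FIXED sorts first (or ties), $1 is at least as new as FIXED.
at_least_fixed() {
    rel=$(strip_dist "$1")
    [ "$(printf '%s\n%s\n' "$FIXED" "$rel" | sort -V | head -n 1)" = "$FIXED" ]
}

# Prints one verdict for running release $1 and newest installed release $2.
verdict() {
    case "$1" in
        *.lve*) ;;
        *) echo "unknown: not an lve kernel"; return 0 ;;
    esac
    if at_least_fixed "$1"; then
        echo "fixed"
    elif [ -n "$2" ] && at_least_fixed "$2"; then
        echo "reboot-pending"    # fixed kernel installed but not booted yet
    else
        echo "update-needed"
    fi
}

# On KernelCare hosts, kcarectl --uname reports the effective (live-patched)
# kernel version; everywhere else fall back to uname -r.
running=$(kcarectl --uname 2>/dev/null || uname -r)
newest=$(rpm -q kernel --qf '%{VERSION}-%{RELEASE}\n' 2>/dev/null \
         | grep '\.lve' | sort -V | tail -n 1)
echo "running=$running newest-installed=${newest:-none} -> $(verdict "$running" "$newest")"
```

A `reboot-pending` result means the fixed package is installed but the server is still running an older kernel.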

Host Provider
06/08/2014 11:46:50
Will this cause any downtime while installing? (Besides the reboot.)
Igor Seletskiy
06/08/2014 12:02:05
No downtime besides reboot to update kernel.
Michael Holforty
06/29/2014 17:03:01
I'm curious why I'm not seeing the CVE show in the kernel changelog.
kcarectl --uname reports:
2.6.32-531.17.1.lve1.2.58.el6.x86_64
yum list installed kernel* also reports:
2.6.32-531.17.1.lve1.2.58.el6

but
rpm -q --changelog kernel.x86_64 | grep CVE-2014

does not show the CVE-2014-3153 as patched. Am I going about this lookup wrong?
Igor Seletskiy
06/30/2014 08:29:32
Seems like developers hadn't populated the changelog. Will talk to them.