CentOS/RHEL 7 kernels are patched up to the latest 3.10.0-123.6.3 kernel.
CentOS/RHEL 5 kernel patches were updated to correctly handle systems with aacraid devices
CloudLinux 5 hybrid kernel patches were updated to correctly handle stuck khungtask threads
Systems with AUTO_UPDATE=True (DEFAULT) in /etc/sysconfig/kcare/kcare.conf will automatically update, and no action is needed for them.
You can manually update the server by running:
# /usr/bin/kcarectl --update
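The following shell script is an added example, not KernelCare's own tooling: it reads the AUTO_UPDATE key from a kcare.conf, compares the advisory's CVE list against a saved patch listing, and says whether a manual `/usr/bin/kcarectl --update` is needed. Both input files are constructed inline; the assumed listing format (one `kpatch-cve:` line per CVE, as printed by `kcarectl --patch-info`) and the helper names are assumptions, not part of the original page.

```shell
#!/bin/sh
# Added example (not KernelCare code). Decide whether a host still needs a
# manual `kcarectl --update` for the CVEs named in this advisory.

ADVISORY_CVES="CVE-2014-0181 CVE-2014-2672 CVE-2014-2706 CVE-2014-4667"

# Print "yes" when AUTO_UPDATE is enabled in the given kcare.conf, else "no".
# A missing key counts as enabled, since True is the documented default.
# Comments, surrounding whitespace and lower-case "true" are tolerated
# (case-insensitivity is an assumption about the real parser).
kcare_auto_update() {
    conf="$1"
    val=$(sed -n 's/^[[:space:]]*AUTO_UPDATE[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*/\1/p' \
            "$conf" 2>/dev/null | tail -n 1)
    [ -z "$val" ] && val=True
    case "$val" in
        [Tt]rue) echo yes ;;
        *)       echo no ;;
    esac
}

# Print the advisory CVEs that do not appear in a saved patch listing.
# The listing format (kpatch-cve: CVE-...) is assumed, not taken from the page.
kcare_missing_cves() {
    listing="$1"
    missing=""
    for cve in $ADVISORY_CVES; do
        # anchor the id so CVE-2014-0181 does not match CVE-2014-01810
        if ! grep -q -E -- "$cve([^0-9]|\$)" "$listing" 2>/dev/null; then
            missing="$missing $cve"
        fi
    done
    echo "${missing# }"
}

# Combine both checks into the action an operator should take.
kcare_action() {
    conf="$1"; listing="$2"
    if [ "$(kcare_auto_update "$conf")" = yes ]; then
        echo "AUTO_UPDATE enabled: no action needed"
    elif [ -n "$(kcare_missing_cves "$listing")" ]; then
        echo "run: /usr/bin/kcarectl --update (missing: $(kcare_missing_cves "$listing"))"
    else
        echo "all advisory CVEs already applied"
    fi
}

# --- constructed sample inputs (not real system files) ---------------------
tmp=$(mktemp -d)
cat >"$tmp/kcare.conf" <<'EOF'
# constructed sample mirroring the AUTO_UPDATE key of /etc/sysconfig/kcare/kcare.conf
AUTO_UPDATE=False
EOF
cat >"$tmp/patch-info.txt" <<'EOF'
# constructed sample of a patch listing; only two of the four CVEs are present
kpatch-name: 3.10.0/sample
kpatch-cve: CVE-2014-0181
kpatch-cve: CVE-2014-2672
EOF

kcare_action "$tmp/kcare.conf" "$tmp/patch-info.txt"
rm -rf "$tmp"
```

On a real host you would point `kcare_action` at /etc/sysconfig/kcare/kcare.conf and at the output of `kcarectl --patch-info` saved to a file; the functions never call `kcarectl` themselves, so the script runs unchanged on a machine without KernelCare installed.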
CVEs: CVE-2014-0181, CVE-2014-2672, CVE-2014-2706, CVE-2014-4667
- CVE-2014-0181 net: Use netlink_ns_capable to verify the permissions of netlink messages
It was found that the permission checks performed by the Linux kernel when a netlink message was received were not sufficient. A local, unprivileged user could potentially bypass these restrictions by passing a netlink socket as stdout or stderr to a more privileged process and altering the output of this process.
- CVE-2014-2672 ath9k: protect tid->sched check
It was found that a remote attacker could use a race condition flaw in the ath_tx_aggr_sleep() function to crash the system by generating a large amount of network traffic on the system's Atheros 9k wireless network adapter.
- CVE-2014-2706 mac80211: fix AP powersave TX vs. wakeup race
A race condition flaw was found in the way the Linux kernel's mac80211 subsystem implementation handled synchronization between TX and STA wake-up code paths. A remote attacker could use this flaw to crash the system.
- CVE-2014-4667 sctp: Fix sk_ack_backlog wrap-around problem
The sctp_association_free function in net/sctp/associola.c does not properly manage a certain backlog value, which allows remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet.