CloudLinux - CloudLinux Blog - KernelCare: Patches for CentOS/RHEL/CloudLinux 6 and PCS/Virtuozzo/OpenVZ kernels

KernelCare: Patches for CentOS/RHEL/CloudLinux 6 and PCS/Virtuozzo/OpenVZ kernels

[This patchset was re-released on Oct 21st with a fix for people running e1000e cards]

CentOS/RHEL/CloudLinux 6 kernels, as well as PCS/Virtuozzo/OpenVZ and CloudLinux 5 hybrid kernels were patched against multiple vulnerabilities fixed in RHEL 2.6.32-504 kernel.

Systems with AUTO_UPDATE=True (DEFAULT) in /etc/sysconfig/kcare/kcare.conf will automatically update, and no action is needed for them.

You can manually update the server by running:
# /usr/bin/kcarectl --update

CVEs: CVE-2014-4608, CVE-2014-3122, CVE-2013-2596, CVE-2014-5045

Details:

  • CVE-2014-4608 lzo1x_decompress_safe() integer overflow
    The lzo decompressor can, if given some really crazy data, possibly overrun some variable types. Modify the checking logic to properly detect overruns before they happen.
  • CVE-2014-3122 mm: try_to_unmap_cluster() should lock_page() before mlocking
    It was found that the try_to_unmap_cluster() function in the Linux kernel's Memory Management subsystem did not properly handle page locking in certain cases, which could potentially trigger the BUG_ON() macro in the mlock_vma_page() function. A local, unprivileged user could use this flaw to crash the system.
  • CVE-2013-2596 integer overflow in fb_mmap
    An integer overflow flaw was found in the way the Linux kernel's Frame Buffer device implementation mapped kernel memory to user space via the mmap syscall. A local user able to access a frame buffer device file (/dev/fb*) could possibly use this flaw to escalate their privileges on the system.
  • CVE-2014-5045 vfs: refcount issues during unmount on symlink
    A flaw was found in the way the Linux kernel's VFS subsystem handled reference counting when performing unmount operations on symbolic links. A local, unprivileged user could use this flaw to exhaust all available memory on the system or, potentially, trigger a use-after-free error, resulting in a system crash or privilege escalation.
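The CVE-2014-4608 entry above describes a bounds check that can be tricked by an oversized length. The following added example (not KernelCare's or the kernel's code; the have_input_* and decode_* names and the token format are constructed for illustration) contrasts a wrap-prone check with the overflow-safe form and uses the safe form in a small LZO-style literal-run decoder.

```c
#include <stdint.h>
#include <string.h>

/* Constructed example, not KernelCare or kernel code, of the bug class behind
 * CVE-2014-4608: a check written as "ip + t > ip_end" wraps when t is huge, so
 * it passes and the decoder reads past its input. uintptr_t keeps it portable. */

/* Unsafe form: the addition is evaluated first and may wrap past zero. */
int have_input_unsafe(uintptr_t ip, uintptr_t ip_end, size_t need)
{
    return ip + need <= ip_end;
}

/* Safe form: compare against the bytes remaining; ip_end - ip cannot overflow. */
int have_input_safe(uintptr_t ip, uintptr_t ip_end, size_t need)
{
    return need <= (size_t)(ip_end - ip);
}

/* Decoder for a constructed LZO-like literal run: each zero byte adds 255 to
 * the length, a non-zero byte adds its value and ends the length field, then
 * that many literal bytes follow. Returns bytes written, or -1 on bad input. */
long decode_literal_run(const uint8_t *in, size_t in_len,
                        uint8_t *out, size_t out_len)
{
    uintptr_t ip = (uintptr_t)in, ip_end = ip + in_len;
    size_t t = 0;
    for (;;) {
        /* One byte must remain, and t must not be able to wrap on += 255. */
        if (!have_input_safe(ip, ip_end, 1) || t > SIZE_MAX - 255)
            return -1;
        uint8_t b = *(const uint8_t *)ip++;
        if (b != 0) { t += b; break; }
        t += 255;
    }
    /* Bound the copy by the remaining input and by the output buffer. */
    if (!have_input_safe(ip, ip_end, t) || t > out_len)
        return -1;
    memcpy(out, (const uint8_t *)ip, t);
    return (long)t;
}

/* Helper for the checks below: decode a constructed input into 16 bytes. */
long decode_sample(const uint8_t *in, size_t in_len)
{
    uint8_t out[16];
    return decode_literal_run(in, in_len, out, sizeof out);
}
```

With a length near SIZE_MAX the unsafe check accepts the read while the safe check rejects it; the decoder also refuses truncated runs such as a length field with no following literals.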