kernel CVE vulnerability patch info in changelog
  1. Michael Holforty
  2. Monday, 23 March 2015
A while back I asked about vulnerability patches being listed in the kernel changelog. At the time, CloudLinux was not getting the vulnerability CVE number in the changelog for easy lookup. At that time, it was suggested this was going to be fixed and changed. Has this been addressed? Are we able to use a changelog grep for CVE patches yet?

Now specifically, one PCI scanner looking at my server is listing this old vulnerability, CVE-2012-1146:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1146

rpm -q --changelog kernel-2.6.32-531.29.2.lve1.3.11.1.el6.x86_64 | grep CVE-2012-1146
doesn't show it patched.

googling: cve-2012-1146 site:cloudlinux.com
doesn't show it addressed.

How do I demonstrate to the PCI scan service that this has been addressed on the servers?
  1. 25.03.2015 15:03:54
  2. # 1
Michael Holforty Accepted Answer
Posts: 14
Joined: 07.03.2014
PCI scanner has removed this vulnerability from their scan.  But the initial questions are still floating?

Additional question: will KernelCare be able to keep the changelog updated with CVE patch numbers?
  1. 25.03.2015 15:03:31
  2. # 2
Igor Seletskiy Accepted Answer
Posts: 1200
Joined: 09.02.2010
We already have that here:
patches.kernelcare.com

Select the kernel, and you will see CVE patch numbers.
  1. 25.03.2015 16:03:28
  2. # 3
Michael Holforty Accepted Answer
Posts: 14
Joined: 07.03.2014
Instead of having to do all the cross-referencing, it would be really convenient to be able to grep a changelog for the patch. That way, we know it has been addressed AND the patch was applied to the server in one easy step. It also makes for less cross-referencing to prove to security and PCI scanners that an issue has been addressed.
Just my 2 cents.

How about the kernel changelog in the kernel RPMs?
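
The changelog grep from the first post, written out as an added example that is not part of the original thread: a shell function that reads rpm -q --changelog output on stdin and reports, for each CVE ID, the changelog entry that names it. The function names and the sample changelog are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Usage on the host being scanned:
#   rpm -q --changelog kernel-2.6.32-531.29.2.lve1.3.11.1.el6.x86_64 | cve_audit CVE-2012-1146
# Prints "<ID> listed: <entry header>" or "<ID> not-listed" per CVE ID.
# Exit status: 0 = every ID listed, 1 = at least one not listed, 2 = bad ID.
cve_audit() {
    log=$(cat)      # read stdin once so several IDs can be checked
    rc=0
    for id in "$@"; do
        # Accept only well-formed CVE IDs before using one as a pattern.
        if ! printf '%s\n' "$id" | grep -Eq '^CVE-[0-9]{4}-[0-9]{4,}$'; then
            echo "$id invalid-id"; return 2
        fi
        # Remember the latest "* <date> <packager> [version]" header and
        # print it for the first line naming the ID. The trailing
        # ([^0-9]|$) keeps CVE-2099-1000 from matching CVE-2099-10001.
        hit=$(printf '%s\n' "$log" | awk -v id="$id" '
            /^\* / { header = $0 }
            !found && $0 ~ (id "([^0-9]|$)") {
                print (header != "" ? header : $0); found = 1
            }')
        if [ -n "$hit" ]; then
            echo "$id listed: $hit"
        else
            echo "$id not-listed"; rc=1
        fi
    done
    return $rc
}

# Constructed sample in "rpm -q --changelog" layout (not real vendor output).
sample_changelog() {
    cat <<'EOF'
* Tue Mar 03 2015 Example Builder <builder@example.com> [2.6.32-000.2.el6]
- [net] example length check fix {CVE-2099-10001}
- [fs] example locking backport

* Mon Jan 12 2015 Example Builder <builder@example.com> [2.6.32-000.1.el6]
- [mm] example fix for CVE-2099-2000, CVE-2099-2001
EOF
}

# Demo run on the constructed sample; "|| true" because one ID is absent.
sample_changelog | cve_audit CVE-2099-10001 CVE-2012-1146 || true
```

A not-listed result means only that the changelog text does not name the ID; as the first post notes, the changelog was not carrying CVE numbers at the time, so absence there is not evidence that a fix is missing.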