CVE-2014-0196 vulnerability update
Forum
  1. Forums
  2. General
  3. General Discussion
  1. Ayush Goyal
  2. Wednesday, 21 May 2014
  3.  Subscribe via email
In the post:
http://www.cloudlinux.com/blog/clnews/kernelcare-cve20140196-local-dos-and-arbitrary-code-execution-vulnerab.php

It is mentioned that the fix has just been pushed via kernel care and there are no kernel updates and this is still being investigated if it affects cloudlinux.

Redhat has pushed out fixes for their kernels:
https://access.redhat.com/security/cve/CVE-2014-0196

I have a few queries in this regards:
When will we get the kernel update to fix this issue or has it been pushed?
Is the only way to get this right now is via kernelcare?
Does it not affect the cloudlinux kernel version 2.6.32-458.6.2 onwards since it is based on the red hat kernel?

-- Ayush
Rate this post:
  1. 21.05.2014 09:05:27
  2. # 1
Igor Seletskiy Accepted Answer
Posts: 1200
Joined: 09.02.2010
0
Votes
Undo
The RHEL / CentOS kernels before 2.6.32-358.6.1.el6, openvz kernels before 042stab078.1 and CL kernels before 2.6.32-458.6.2 are all vulnerable to this exploit. 
any newer kernels are not vulnerable.

While this patch might still make it in the future versions of kernel -- it is just going to be a bug fix, not a security fix any more.
  • Page :
  • 1


There are no replies made for this post yet.
Be one of the first to reply to this post!
Guest
Submit Your Response
Upload files or images for this discussion by clicking on the upload button below. Supports gif,jpg,png,zip,rar,pdf
• Insert • Remove Upload Files (Maximum File Size: 2 MB)
Captcha
To protect the site from bots and unauthorized scripts, we require that you enter the captcha codes below before posting your question.