CloudLinux Blog - Ubuntu LTS kernels patches to latest version with KernelCare

By accepting you will be accessing a service provided by a third-party external to https://www.cloudlinux.com/

Ubuntu LTS kernels patches to latest version with KernelCare

Ubuntu LTS kernels patches to latest version with KernelCare

 

Ubuntu LTS kernels were updated to latest version. The update includes a number of security bug fixes.

Systems with AUTO_UPDATE=True (DEFAULT) in /etc/sysconfig/kcare/kcare. conf will automatically update, and no action is needed for them.
 
You can manually update the server by running:
# /usr/bin/kcarectl --update
 
Changelog:
ubuntu-trusty:
  CVE-2015-7550: It was discovered that the Linux kernel keyring subsystem contained
    a race between read and revoke operations. A local attacker could use this to
    cause a denial of service (system crash).
  CVE-2015-8543: It was discovered that the Linux kernel networking implementation
    did not validate protocol identifiers for certain protocol families, A local attacker
    could use this to cause a denial of service (system crash) or possibly gain administrative
    privileges.
  CVE-2015-8569: Dmitry Vyukov discovered that the pptp implementation in the Linux
    kernel did not verify an address length when setting up a socket. A local attacker
    could use this to craft an application that exposed sensitive information from
    kernel memory.
  CVE-2015-8575: David Miller discovered that the Bluetooth implementation in the
    Linux kernel did not properly validate the socket address length for Synchronous
    Connection-Oriented (SCO) sockets. A local attacker could use this to expose sensitive
    information.
  CVE-2015-8785: It was discovered that the Linux kernel's Filesystem in Userspace
    (FUSE) implementation did not handle initial zero length segments properly. A
    local attacker could use this to cause a denial of service (unkillable task).
  cvelist: [CVE-2015-7550, CVE-2015-8543, CVE-2015-8569, CVE-2015-8575, CVE-2015-8785]
  latest-version: kernel-3.13.0-79.123
ubuntu-trusty-lts-utopic:
  CVE-2015-8785: It was discovered that the Linux kernel's Filesystem in Userspace
    (FUSE) implementation did not handle initial zero length segments properly. A
    local attacker could use this to cause a denial of service (unkillable task).
  cvelist: [CVE-2015-8785]
  latest-version: kernel-3.16.0-62.82~14.04.1
ubuntu-trusty-lts-vivid:
  CVE-2015-7550: It was discovered that the Linux kernel keyring subsystem contained
    a race between read and revoke operations. A local attacker could use this to
    cause a denial of service (system crash).
  CVE-2015-8543: It was discovered that the Linux kernel networking implementation
    did not validate protocol identifiers for certain protocol families, A local attacker
    could use this to cause a denial of service (system crash) or possibly gain administrative
    privileges.
  CVE-2015-8569: Dmitry Vyukov discovered that the pptp implementation in the Linux
    kernel did not verify an address length when setting up a socket. A local attacker
    could use this to craft an application that exposed sensitive information from
    kernel memory.
  CVE-2015-8575: David Miller discovered that the Bluetooth implementation in the
    Linux kernel did not properly validate the socket address length for Synchronous
    Connection-Oriented (SCO) sockets. A local attacker could use this to expose sensitive
    information.
  CVE-2015-8785: It was discovered that the Linux kernel's Filesystem in Userspace
    (FUSE) implementation did not handle initial zero length segments properly. A
    local attacker could use this to cause a denial of service (unkillable task).
  cvelist: [CVE-2015-7550, CVE-2015-8543, CVE-2015-8569, CVE-2015-8575, CVE-2015-8785]
  latest-version: kernel-3.19.0-51.57~14.04.1
ubuntu-trusty-lts-wily:
  CVE-2015-8785: It was discovered that the Linux kernel's Filesystem in Userspace
    (FUSE) implementation did not handle initial zero length segments properly. A
    local attacker could use this to cause a denial of service (unkillable task).
  CVE-2016-2069: Andy Lutomirski discovered a race condition in the Linux kernel's
    translation lookaside buffer (TLB) handling of flush events. A local attacker
    could use this to cause a denial of service or possibly leak sensitive information.
  cvelist: [CVE-2015-8785, CVE-2016-2069]
  latest-version: kernel-4.2.0-30.35~14.04.1

 

 

How to switch from Ksplice to KernelCare in a sing...
CentOS/RHEL 7 kernels are patched to 3.10.0-327.10...
 

Комментарии

Нет созданных комментариев. Будь первым кто оставит комментарий.
Уже зарегистрированны? Войти на сайт
Guest
06.06.2020

Изображение капчи