kernel CVE vulnerability patch info in changelog
  1. Forums
  2. CloudLinux and Control Panels
  3. CloudLinux and cPanel
  1. Michael Holforty
  2. 23.03.2015
  3.  Subscribe via email
a while back there i asked about vulnerability paches being listed in the kernel changelog. At the time cloudlinux was not getting the vulnerability CVE number in the change log for easy look up. At that time, it was suggested this was going to be fixed and changed.  Has this been addressed?  Are we able to use a changelog grep for CVE paches yet?

now specifically, one PCI scanner looking at my server is listing this old vulnerability CVE-2012-1146

rpm -q --changelog kernel-2.6.32-531.29.2.lve1.3.11.1.el6.x86_64 | grep CVE-2012-1146
doesn't show it patched.

googling: cve-2012-1146
doesn't show it addressed.

how do I demonstrate to the PCI scan service that this has been addressed on the servers?
Rate this post:
  1. 25.03.2015 15:03:54
  2. # 1
Michael Holforty Accepted Answer
Posts: 13
Joined: 07.03.2014
PCI scanner has removed this vulnerability from their scan.  But the initial questions are still floating?

additional question, will kernelcare be able to keep the changelog updated with CVE patch numbers?
  1. 25.03.2015 15:03:31
  2. # 2
Igor Seletskiy Accepted Answer
Posts: 1194
Joined: 09.02.2010
We already have that here:

Select the kernel, and you will see CVE patch numbers.
  1. 25.03.2015 16:03:28
  2. # 3
Michael Holforty Accepted Answer
Posts: 13
Joined: 07.03.2014
Instead of having to do all the cross referencing, it would be really convenient to be able to grep a changelog for the patch.  In that way, we know it has been address AND the patch was applied to the server in one easy step. Also makes less cross referencing to prove security and PCI scanners that an issue has been addressed.
Just my 2 cents.

how about the kernel changelog in the kernel RPMs ?
  • Page :
  • 1

There are no replies made for this post yet.
Be one of the first to reply to this post!
Submit Your Response
Upload files or images for this discussion by clicking on the upload button below. Supports gif,jpg,png,zip,rar,pdf
• Insert • Remove Upload Files (Maximum File Size: 2 MB)
To protect the site from bots and unauthorized scripts, we require that you enter the captcha codes below before posting your question.

EU e-Privacy Directive

This website uses cookies to ensure you get the best experience using our website and services. If you prefer we don’t use cookies, please disable them in your browser.

You have declined cookies. This decision can be reversed.

You have allowed cookies to be placed on your computer. This decision can be reversed.