CentOS Update for bpftool CESA-2018:3651 centos7
Package kernel version kernel-3.10.0-862.el7 is installed, which is known to be vulnerable.
Please install the updated package(s).
Security Fix(es):
* kernel: stack-based buffer overflow in chap_server_compute_md5() in iscsi target (CVE-2018-14633)
* kernel: NULL pointer dereference in af_netlink.c:__netlink_ns_capable() allows for denial of service (CVE-2018-14646)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Red Hat would like to thank Vincent Pelletier for reporting CVE-2018-14633 and Christian Brauner for reporting CVE-2018-14646.
Bug Fix(es):
These updated kernel packages also include numerous bug fixes. Space precludes documenting all of the bug fixes in this advisory.
Details: CentOS Update for bpftool CESA-2018:3651 centos7 (OID: 1.3.6.1.4.1.25623.1.0.882981)
Version used: $Revision: 12880 $
CVE: CVE-2018-14633, CVE-2018-14646
CERT: CB-K18/1124, CB-K18/0942, DFN-CERT-2019-0115, DFN-CERT-2018-2579, DFN-CERT-2018-2458, DFN-CERT-2018-2421, DFN-CERT-2018-2398, DFN-CERT-2018-2366, DFN-CERT-2018-2318, DFN-CERT-2018-2304, DFN-CERT-2018-2280, DFN-CERT-2018-2252, DFN-CERT-2018-2129, DFN-CERT-2018-2099, DFN-CERT-2018-2039, DFN-CERT-2018-2029, DFN-CERT-2018-1995, DFN-CERT-2018-1990, DFN-CERT-2018-1963
Other: CESA:2018:3651
http://lists.centos.org/pipermail/centos-announce/2018-December/023132.html