Blog Elements | SecurityOrb.com

CentOS Update for bpftool CESA-2018:3651 centos7 (OID: 1.3.6.1.4.1.25623.1.0.882981)

SummaryThe remote host is missing an update for the ‘bpftool’ package(s) announced via the CESA-2018:3651 advisory.

Vulnerability Detection Result

Package kernel version kernel-3.10.0-862.el7 is installed which is known to be vulnerable.

SolutionSolution type: VendorFix

Please install the updated package(s).

Affected Software/OSbpftool on CentOS 7.

Vulnerability InsightThe kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: stack-based buffer overflow in chap_server_compute_md5() in iscsi target (CVE-2018-14633)

* kernel: NULL pointer dereference in af_netlink.c:__netlink_ns_capable() allows for denial of service (CVE-2018-14646)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Vincent Pelletier for reporting CVE-2018-14633 and Christian Brauner for reporting CVE-2018-14646.

Bug Fix(es):

These updated kernel packages include also numerous bug fixes. Space precludes documenting all of the bug fixes in this advisory.

Vulnerability Detection MethodChecks if a vulnerable package version is present on the target host.

Details: CentOS Update for bpftool CESA-2018:3651 centos7 (OID: 1.3.6.1.4.1.25623.1.0.882981)

Version used: $Revision: 12880 $

References

CVE:	CVE-2018-14633, CVE-2018-14646
CERT:	CB-K18/1124, CB-K18/0942, DFN-CERT-2019-0115, DFN-CERT-2018-2579, DFN-CERT-2018-2458, DFN-CERT-2018-2421, DFN-CERT-2018-2398, DFN-CERT-2018-2366, DFN-CERT-2018-2318, DFN-CERT-2018-2304, DFN-CERT-2018-2280, DFN-CERT-2018-2252, DFN-CERT-2018-2129, DFN-CERT-2018-2099, DFN-CERT-2018-2039, DFN-CERT-2018-2029, DFN-CERT-2018-1995, DFN-CERT-2018-1990, DFN-CERT-2018-1963
Other:	CESA:2018:3651
	http://lists.centos.org/pipermail/centos-announce/2018-December/023132.html

Breach:	MyFitnessPal
Date of breach:	1 Feb 2018
Number of accounts:	143,606,147
Compromised data:	Email addresses, IP addresses, Passwords, Usernames
Description:	In February 2018, the diet and exercise service MyFitnessPal suffered a data breach. The incident exposed 144 million unique email addresses alongside usernames, IP addresses and passwords stored as SHA-1 and bcrypt hashes (the former for earlier accounts, the latter for newer accounts). In 2019, the data appeared listed for sale on a dark web marketplace (along with several other large breaches) and subsequently began circulating more broadly. The data was provided to HIBP by a source who requested it to be attributed to “BenjaminBlue@exploit.im“.

Half Sized Blog Element (Single Author Style)

Half Sized Blog Element (Multi Author Style)

CentOS Update for bpftool CESA-2018:3651 centos7

MyFitnessPal Data Breach

CentOS Update for bpftool CESA-2018:3651 centos7

MyFitnessPal Data Breach

Full Sized Blog Element (Big Preview Pic)

CentOS Update for bpftool CESA-2018:3651 centos7

MyFitnessPal Data Breach

INTERESTING LINKS

Latest News

Business Hours