SummaryThe remote host is missing an update for the ‘bpftool’ package(s) announced via the CESA-2018:3651 advisory.

Vulnerability Detection Result

Package kernel version kernel-3.10.0-862.el7 is installed which is known to be vulnerable.

SolutionSolution type: VendorFix

Please install the updated package(s).

Affected Software/OSbpftool on CentOS 7.

Vulnerability InsightThe kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: stack-based buffer overflow in chap_server_compute_md5() in iscsi target (CVE-2018-14633)

* kernel: NULL pointer dereference in af_netlink.c:__netlink_ns_capable() allows for denial of service (CVE-2018-14646)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Vincent Pelletier for reporting CVE-2018-14633 and Christian Brauner for reporting CVE-2018-14646.

Bug Fix(es):

These updated kernel packages include also numerous bug fixes. Space precludes documenting all of the bug fixes in this advisory.

Vulnerability Detection MethodChecks if a vulnerable package version is present on the target host.

Details: CentOS Update for bpftool CESA-2018:3651 centos7 (OID: 1.3.6.1.4.1.25623.1.0.882981)

Version used: $Revision: 12880 $

References

CVE:	CVE-2018-14633, CVE-2018-14646
CERT:	CB-K18/1124, CB-K18/0942, DFN-CERT-2019-0115, DFN-CERT-2018-2579, DFN-CERT-2018-2458, DFN-CERT-2018-2421, DFN-CERT-2018-2398, DFN-CERT-2018-2366, DFN-CERT-2018-2318, DFN-CERT-2018-2304, DFN-CERT-2018-2280, DFN-CERT-2018-2252, DFN-CERT-2018-2129, DFN-CERT-2018-2099, DFN-CERT-2018-2039, DFN-CERT-2018-2029, DFN-CERT-2018-1995, DFN-CERT-2018-1990, DFN-CERT-2018-1963
Other:	CESA:2018:3651
	http://lists.centos.org/pipermail/centos-announce/2018-December/023132.html