KernelCare update was released

KernelCare

Nov 7, 2019, 3:38:05 AM
to kernelcar...@googlegroups.com
Dear Customers,

KernelCare prepared security updates for your system.
Systems with AUTO_UPDATE=True (DEFAULT) in /etc/sysconfig/kcare/kcare.conf will automatically update, and no action is needed for them.
You can manually update the server by running:

/usr/bin/kcarectl --update

Changelog:

rhel7:
  CVE-2018-20856: In block/blk-core.c, there is an __blk_drain_queue() use-after-free
    because a certain error case is mishandled.
  CVE-2019-10126: A flaw was found in the Linux kernel. A heap based buffer overflow
    in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c
    might lead to memory corruption and possibly other consequences.
  CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate
    privileges was found in the mwifiex kernel module while connecting to a malicious
    wireless network.
  CVE-2019-9506: The Bluetooth BR/EDR specification up to and including version 5.1
    permits sufficiently low encryption key length and does not prevent an attacker
    from influencing the key length negotiation. This allows practical brute-force
    attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext
    without the victim noticing.
  cvelist: [CVE-2018-20856, CVE-2019-10126, CVE-2019-3846, CVE-2019-9506]
  latest-version: kernel-3.10.0-1062.1.2.el7
oel7:
  CVE-2018-20856: In block/blk-core.c, there is an __blk_drain_queue() use-after-free
    because a certain error case is mishandled.
  CVE-2019-10126: A flaw was found in the Linux kernel. A heap based buffer overflow
    in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c
    might lead to memory corruption and possibly other consequences.
  CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate
    privileges was found in the mwifiex kernel module while connecting to a malicious
    wireless network.
  CVE-2019-9506: The Bluetooth BR/EDR specification up to and including version 5.1
    permits sufficiently low encryption key length and does not prevent an attacker
    from influencing the key length negotiation. This allows practical brute-force
    attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext
    without the victim noticing.
  cvelist: [CVE-2018-20856, CVE-2019-10126, CVE-2019-3846, CVE-2019-9506]
  latest-version: kernel-3.10.0-1062.1.2.el7

KernelCare

Nov 7, 2019, 8:03:35 AM
to kernelcar...@googlegroups.com

KernelCare

Nov 8, 2019, 5:54:05 AM
to kernelcar...@googlegroups.com
Dear Customers,

KernelCare prepared security updates for your system.
Systems with AUTO_UPDATE=True (DEFAULT) in /etc/sysconfig/kcare/kcare.conf will automatically update, and no action is needed for them.
You can manually update the server by running:

/usr/bin/kcarectl --update

Changelog:

centos7: