CVE-2014-0196 Vulnerability for CentOS

Question

Trying to patch CVE-2014-0196 Vulnerability but yum can't find packages updates

CentOS 6.5 (Final) Panel version: 11.0.9 Update #61

# uname -r
2.6.32-358.11.1.el6.x86_64

# yum update kernel
Loaded plugins: fastestmirror
Determining fastest mirrors
epel/metalink                                                                   |  23 kB     00:00    
epel: mirror.fraunhofer.de
base                                                                            | 3.7 kB     00:00    
epel                                                                            | 4.4 kB     00:00    
epel/primary_db                                                                 | 6.2 MB     00:00    
extras                                                                          | 3.4 kB     00:00    
updates                                                                         | 3.4 kB     00:00    
updates/primary_db                                                              | 3.7 MB     00:00    
Setting up Update Process
No Packages marked for Update

EDIT 1

# rpm -q kernel
kernel-2.6.32-358.6.2.el6.x86_64
kernel-2.6.32-358.11.1.el6.x86_64
kernel-2.6.32-431.20.3.el6.x86_64

EDIT 2

# yum repolist all
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * epel: mirror.fraunhofer.de
repo id                        repo name                                                status
base                           CentOS-6 - Base                                          enabled:  6,367
epel                           Extra Packages for Enterprise Linux 6 - x86_64           enabled: 10,970
extras                         CentOS-6 - Extras                                        enabled:     14
updates                        CentOS-6 - Updates                                       enabled:  1,104
repolist: 18,455

There should be a later kernel available; I'm on 2.6.32-431.20.3.el6.x86_64. Are you running off weird (ie, non-global) repositories, or have you in some other way tied your system down (eg, not to update the kernel automatically)? — MadHatter, Jul 04 '14 at 08:21
@MadHatter Standard repos, I guess, according to the list (EDIT 2) — hsands, Jul 04 '14 at 14:14
Stop editing, Iain has solved this. You have the latest kernel installed. No amount of `yum`ming will improve that. You just need to **boot** the new kernel, and as Iain says, that is a whole different question *which you should try to solve yourself before asking about it*. — MadHatter, Jul 04 '14 at 14:17
All of the kernel versions you have shown here have been patched for this issue. Including the one you're "mysteriously" running. So this question seems kind of pointless. — Michael Hampton, Jul 04 '14 at 15:21
@MichaelHampton According to https://bugs.centos.org/view.php?id=7119 and other sources, version affected: 2.6.31-rc3 and newer. — hsands, Jul 12 '14 at 11:46
@hsands So? That doesn't tell you whether they have been patched. Did you even _read_ the bug report you linked to? — Michael Hampton, Jul 12 '14 at 13:00

score 5 · Accepted Answer · answered Jul 04 '14 at 12:41

5

It looks like you already have the most up-to-date kernel

kernel-2.6.32-431.20.3.el6.x86_64

on your system so yum is correct in that there is nothing to do. However this kernel is not active.

uname -r
2.6.32-358.11.1.el6.x86_64

You will need to reboot your system to make it active.

answered Jul 04 '14 at 12:41

user9517

114,104
20
206
289

Weird, after rebooting uname command keeps showing 2.6.32-358.11.1.el6.x86_64 – hsands Jul 04 '14 at 13:13
3

That's a different problem than the one here. You should spend some time trying to solve it yourself then if necessary ask another question. – user9517 Jul 04 '14 at 13:21
1

Thanks for your help, the problem was the default parameter in grub.conf was pointing to the previous kernel. It had never happened before after many automatic updates – hsands Jul 04 '14 at 16:06

CVE-2014-0196 Vulnerability for CentOS

1 Answers1