My previous blog talked about some cool use cases of ksplice and I used Oracle Linux 5 as the example. In this blog entry I just wanted to add Oracle Linux 6 to it. For Oracle Linux 6, we go all the way back to the GA date of OL6. 2.6.32-71.el6
build date Wed Dec 15 12:36:54 EST 2010
. And we support ksplice online updates from that point on, up to today. The same model, you can be on any Oracle Linux 6 kernel, an errata update, a specific kernel from an update release like 6.1,... 6.5,... and get current with CVEs and critical fixes from then on. After running uptrack-upgrade, I get to be current : 2.6.32-431.29.2.el6
I ran out of xterm buffer space ;-) so starting with the Installing part of the output of uptrack-upgrade -y :
Installing [1y0hqxq7] Invalid memory access in dynamic debug entry listing.
Installing [1f9nec9b] Clear garbage data on the kernel stack when handling signals.
Installing [lrh0cfph] Reduce usage of reserved percpu memory.
Installing [uo1fmxxr] CVE-2010-2962: Privilege escalation in i915 pread/pwrite ioctls.
Installing [11ofaaud] CVE-2010-3084: Buffer overflow in ETHTOOL_GRXCLSRLALL command.
Installing [8u4favcu] CVE-2010-3301: Privilege escalation in 32-bit syscall entry via ptrace.
Installing [ayk01zir] CVE-2010-3432: Remote denial of service vulnerability in SCTP.
Installing [p1o8wy3o] CVE-2010-3442: Heap corruption vulnerability in ALSA core.
Installing [r1mlwooa] CVE-2010-3705: Remote memory corruption in SCTP HMAC handling.
Installing [584zm6x2] CVE-2010-3904: Local privilege escalation vulnerability in RDS sockets.
Installing [vt03uggp] CVE-2010-2955: Information leak in wireless extensions.
Installing [7rzgltfi] CVE-2010-3079: NULL pointer dereference in ftrace.
Installing [oyaovezn] CVE-2010-3437: Information leak in pktcdvd driver.
Installing [70cjk1y6] CVE-2010-3698: Denial of service vulnerability in KVM host.
Installing [9dm5foy9] CVE-2010-3081: Privilege escalation through stack underflow in compat.
Installing [mhsn7n2j] Memory corruption during KSM swapping.
Installing [kn5l6sh5] KVM guest crashes due to unsupported model-specific registers.
Installing [xmx98rz9] Erroneous merge of block write with block discard request.
Installing [23nlxpse] CVE-2010-2803: Information leak in drm subsystem.
Installing [mo9lbpsi] Memory leak in DRM buffer object LRU list handling.
Installing [91hrmhbr] Memory leak in GEM drm_vma_entry handling.
Installing [apryc0uo] CVE-2010-3865: Integer overflow in RDS rdma page counting.
Installing [ur02tbrc] CVE-2010-4160: Privilege escalation in PPP over L2TP.
Installing [5o3hvdgy] CVE-2010-4263: NULL pointer dereference in igb network driver.
Installing [a3z3nda1] CVE-2010-3477: Information leak in tcf_act_police_dump.
Installing [lsd1hzvx] CVE-2010-3078: Information leak in xfs_ioc_fsgetxattr.
Installing [z92iokkb] CVE-2010-3080: Privilege escalation in ALSA sound system OSS emulation.
Installing [23yh7u1i] CVE-2010-3861: Information leak in ETHTOOL_GRXCLSRLALL ioctl.
Installing [jxtltpyu] CVE-2010-4163 and CVE-2010-4668: Kernel panic in block subsystem.
Installing [5fuyrpx3] CVE-2010-4162: Integer overflow in block I/O subsystem.
Installing [ylkgl75m] CVE-2010-4242: NULL pointer dereference in Bluetooth HCI UART driver.
Installing [ppawlabm] CVE-2010-4248: Race condition in __exit_signal with multithreaded exec.
Installing [q4n7w8t6] CVE-2010-3067: Information leak in sys_io_submit.
Installing [0w2s15ix] CVE-2010-3298: Information leak in hso_get_count().
Installing [dfi8ncbj] CVE-2010-3876: Kernel information leak in packet subsystem.
Installing [ahrdouix] CVE-2010-4073: Kernel information leaks in ipc compat subsystem.
Installing [wvbjfli8] CVE-2010-4074: Information leak in USB Moschip 7720/7840/7820 serial drivers.
Installing [pkhcqtro] CVE-2010-4075: Kernel information leak in serial subsystem.
Installing [cwksn40u] CVE-2010-4077: Kernel information leak in nozomi driver.
Installing [q4d3smds] CVE-2010-4079: Information leak in Conexant cx23415 framebuffer driver.
Installing [z4duwd7q] CVE-2010-4080 and CVE-2010-4081: Information leaks in sound drivers.
Installing [eajqjo74] CVE-2010-4082: Kernel information leak in VIAFB_GET_INFO.
Installing [6hrf2a3e] CVE-2010-4083: Information leak in System V IPC.
Installing [3xm2ly3f] CVE-2010-4158: Kernel information leak in socket filters.
Installing [5y2oasdw] CVE-2010-4525: Information leak in KVM VCPU events ioctl.
Installing [35e4qfr6] CVE-2010-2492: Privilege escalation in eCryptfs.
Installing [rr12rtq3] Data corruption due to bad flags in break_lease and may_open.
Installing [20cz9gp7] Kernel oops in network neighbour update.
Installing [m650djkx] Deadlock on fsync during dm device resize.
Installing [c19gus65] CVE-2010-3880: Logic error in INET_DIAG bytecode auditing.
Installing [3e86rex1] CVE-2010-4249: Local denial of service vulnerability in UNIX sockets.
Installing [cxb3m3ae] CVE-2010-4165: Denial of service in TCP from user MSS.
Installing [dii4wm64] CVE-2010-4169: Use-after-free bug in mprotect system call.
Installing [e465fr49] CVE-2010-4243: Denial of service due to wrong execve memory accounting.
Installing [5s3fe1cn] Mitigate denial of service attacks with large argument lists.
Installing [j8jwyth1] Memory corruption in multipath deactivation queueing.
Installing [5qkkyd5m] Kernel panic in network bonding on ARP receipt.
Installing [f9j8s6u6] Failure to recover NFSv4 client state on server reboot.
Installing [qa379ag5] CVE-2011-0714: Remote denial of service in RPC server sockets.
Installing [12q8wuvd] CVE-2011-0521: Buffer underflow vulnerability in av7110 driver.
Installing [tm68xsph] CVE-2011-0695: Remote denial of service in InfiniBand setup.
Installing [fk2zg5ec] CVE-2010-4656: Buffer overflow in I/O-Warrior USB driver.
Installing [bcfvwcux] CVE-2011-0716: Memory corruption in IGMP bridge snooping.
Installing [smkv0oja] CVE-2011-1478: NULL dereference in GRO with promiscuous mode.
Installing [3eu2kr7i] CVE-2010-3296: Kernel information leak in cxgb driver.
Installing [3skmaxct] CVE-2010-4346: Bypass of mmap_min_addr using install_special_mapping.
Installing [xuxi8p7r] CVE-2010-4648: Ineffective countermeasures in Orinoco wireless driver.
Installing [7npiqvil] CVE-2010-4655: Information leak in ETHTOOL_GREGS ioctl.
Installing [en0luyx8] Denial of service on empty virtio_console write.
Installing [yv0cumoa] Denial of service in r8169 receive queue handling.
Installing [j6vlp89e] Failure of virtio_net device on guest low-memory condition.
Installing [q53j90kj] KVM guest crash due to stale memory on migration.
Installing [ri498cnm] KVM guest crash due to unblocked NMIs on STI instruction.
Installing [tlrgiz2i] CVE-2010-4526: Remote denial of service vulnerability in SCTP.
Installing [9eta98wf] Use-after-free in CIFS session management.
Installing [19wu4xr4] CVE-2011-0712: Buffer overflows in caiaq driver.
Installing [3cxo6wrf] CVE-2011-1079: Denial of service in Bluetooth BNEP.
Installing [kzieu2je] CVE-2011-1080: Information leak in netfilter.
Installing [ekzp14u9] CVE-2010-4258: Failure to revert address limit override after oops.
Installing [jd3cmfll] CVE-2011-0006: Unhandled error condition when adding security rules.
Installing [jk52g3fx] CVE-2010-4649, CVE-2011-1044: Buffer overflow in InfiniBand uverb handling.
Installing [z2ne1xi4] CVE-2011-1013: Signedness error in drm.
Installing [gb4ntots] Cache allocation bug in DCCP.
Installing [pe4f00pm] CVE-2011-1093: NULL pointer dereference in DCCP.
Installing [yypibd1k] CVE-2011-1573: Denial of service in SCTP.
Installing [02al7nxj] CVE-2011-0726: Address space leakage through /proc/pid/stat.
Installing [00ahpz3z] CVE-2011-0711: Information leak in XFS filesystem.
Installing [iczdh30p] CVE-2010-4250: Reference count leak in inotify failure path.
Installing [ea8bohrp] Infinite loop in tty auditing.
Installing [85iuyyyj] Buffer overflow in iptables CLUSTERIP target.
Installing [8o0892h3] CVE-2010-4565: Information leak in Broadcast Manager CAN protocol.
Installing [p3ck0dr6] CVE-2011-1019: Module loading restriction bypass with CAP_NET_ADMIN.
Installing [w8sa7qie] CVE-2011-1016: Privilege escalation in radeon GPU driver.
Installing [aqnhua0z] CVE-2011-1010: Denial of service parsing malformed Mac OS partition tables.
Installing [mla0f8wz] CVE-2011-1082: Denial of service in epoll.
Installing [5dbkxjue] CVE-2011-1090: Denial of service in NFSv4 client.
Installing [4qj7c7qc] CVE-2011-1163: Kernel information leak parsing malformed OSF partition tables.
Installing [3vf1zjzf] CVE-2011-1170, CVE-2011-1171, CVE-2011-1172: Information leaks in netfilter.
Installing [a03rwxbz] CVE-2011-1494, CVE-2011-1495: Privilege escalation in LSI MPT Fusion SAS 2.0 driver.
Installing [7z04dctw] Incorrect interrupt handling on down e1000 interface.
Installing [ep319ryq] CVE-2011-1770: Remote denial of service in DCCP options parsing.
Installing [qp7al6tc] CVE-2010-3858: Denial of service vulnerability with large argument lists.
Installing [85n0mc4q] CVE-2011-1598: Denial of service in CAN/BCM protocol.
Installing [z8t1hsjb] CVE-2011-1748: Denial of service in CAN raw sockets.
Installing [pvtdn3yd] CVE-2011-1767: Incorrect initialization order in ip_gre.
Installing [xughs2jb] CVE-2011-1768: Incorrect initialization order in IP tunnel protocols.
Installing [k6a6bqyr] CVE-2011-2479: Denial of service with transparent hugepages and /dev/zero.
Installing [pmkvbrcc] CVE-2011-1776: Missing boundary checks in EFI partition table parsing.
Installing [pb9pjnnn] CVE-2011-1182: Signal spoofing in rt_sigqueueinfo.
Installing [mnpd8mip] CVE-2011-1593: Missing bounds check in proc filesystem.
Installing [d6vuea6w] CVE-2011-2213: Arbitrary code injection bug in IPv4 subsystem.
Installing [zmfowuqn] CVE-2011-2491: Local denial of service in NLM subsystem.
Installing [402w3brr] CVE-2011-2492: Information leak in bluetooth implementation.
Installing [vi7qxs20] CVE-2011-2497: Buffer overflow in the Bluetooth subsystem.
Installing [ql0oxrhk] CVE-2011-2517: Buffer overflow in nl80211 driver.
Installing [0xcbigxp] CVE-2011-1576: Denial of service with VLAN packets and GRO.
Installing [127f4d1u] CVE-2011-2695: Off-by-one errors in the ext4 filesystem.
Installing [w72wz6f4] CVE-2011-2495: Information leak in /proc/PID/io.
Installing [c8v0sk8t] CVE-2011-1160: Information leak in tpm driver.
Installing [1nt1dahj] CVE-2011-1745, CVE-2011-2022: Privilege escalation in AGP subsystem.
Installing [bxqvqvef] CVE-2011-1746: Integer overflow in agp_allocate_memory.
Installing [d4m9k310] CVE-2011-2484: Denial of service in taskstats subsystem.
Installing [3vlbyy24] CVE-2011-2496: Local denial of service in mremap().
Installing [e0lkqz3i] CVE-2011-2723: Remote denial of service vulnerability in gro.
Installing [99r3sbjg] CVE-2011-2898: Information leak in packet subsystem
Installing [3ev4sw2b] CVE-2011-2918: Denial of service in event overflows in perf.
Installing [ll9j5877] CVE-2011-1833: Information disclosure in eCryptfs.
Installing [ww2gv7iv] CVE-2011-3359: Denial of service in Broadcom 43xx wireless driver.
Installing [9x0ub4l1] CVE-2011-3363: Denial of service in CIFS via malicious DFS referrals.
Installing [ggvpdbug] CVE-2011-3188: Weak TCP sequence number generation.
Installing [z4pt0sai] CVE-2011-1577: Denial of service in GPT partition handling.
Installing [omnzxxxr] CVE-2011-3353: Denial of service in FUSE via FUSE_NOTIFY_INVAL_ENTRY.
Installing [o4xkg2el] CVE-2011-3191: Privilege escalation in CIFS directory reading.
Installing [e2eyyaf9] CVE-2011-1162: Information leak in TPM driver.
Installing [1fmgtd1b] CVE-2011-4326: Denial of service in IPv6 UDP Fragmentation Offload.
Installing [ldjwxwd5] CVE-2011-2699: Predictable IPv6 fragment identification numbers.
Installing [tnhvync5] CVE-2011-2494: Information leak in task/process statistics.
Installing [gi4te905] CVE-2011-3593: Denial of service in VLAN with priority tagged frames.
Installing [h1wiua6s] CVE-2011-4110: Denial of service in kernel key management facilities.
Installing [4yrxpwih] CVE-2011-3638: Disk layout corruption bug in ext4 filesystem.
Installing [gz5jfzi3] CVE-2011-1020: Missing access restrictions in /proc subsystem.
Installing [o31erbbr] CVE-2011-4127: KVM privilege escalation through insufficient validation in SG_IO ioctl.
Installing [yqaa1zsp] Arithmetic overflow in clock source calculations.
Installing [vxfxrncu] CVE-2011-4077: Buffer overflow in xfs_readlink.
Installing [rnvy1bow] CVE-2011-4081: NULL pointer dereference in GHASH cryptographic algorithm.
Installing [5bokjzmm] CVE-2011-4132: Denial of service in Journaling Block Device layer.
Installing [q7t7hls4] CVE-2011-4347: Denial of service in KVM device assignment.
Installing [wmeoffm9] CVE-2011-4622: NULL pointer deference in KVM interval timer emulation.
Installing [gu3picnz] CVE-2012-0038: In-memory corruption in XFS ACL processing.
Installing [v2td9qse] CVE-2012-0045: Denial of service in KVM system call emulation.
Installing [n2xairv0] CVE-2012-0879: Denial of service in CLONE_IO.
Installing [2k2kq44h] Fix crash on discard in the software RAID driver.
Installing [i244mlk5] CVE-2012-1097: NULL pointer dereference in the ptrace subsystem.
Installing [2anjx00z] CVE-2012-1090: Denial of service in the CIFS filesystem reference counting.
Installing [3ujb9j7q] Inode corruption in XFS inode lookup.
Installing [01x2k6jv] Denial of service due to race condition in the scheduler subsystem.
Installing [hfh1ug4u] CVE-2011-4086: Denial of service in journaling block device.
Installing [4wb0i9tz] CVE-2012-1601: Denial of service in KVM VCPU creation.
Installing [aqut3qai] CVE-2012-0044: Integer overflow and memory corruption in DRM CRTC support.
Installing [0zkt2e47] CVE-2012-2123: Privilege escalation when assigning permissions using fcaps.
Installing [pe6u1nwx] CVE-2012-2136: Privilege escalation in TUN/TAP virtual device.
Installing [jqtlake1] CVE-2012-2121: Memory leak in KVM device assignment.
Installing [u6ys5804] CVE-2012-2137: Buffer overflow in KVM MSI routing entry handler.
Installing [lr9cjz2p] CVE-2012-2372: Denial of service in Reliable Datagram Sockets protocol.
Installing [nscqru85] CVE-2012-1179 and CVE-2012-2373: Hugepage denial of service.
Installing [j01o1nco] ext4 filesystem corruption on fallocate.
Installing [p37lmn34] CVE-2012-2745: Denial-of-service in kernel key management.
Installing [alprvnsv] CVE-2012-2744: Remote denial-of-service in IPv6 connection tracking.
Installing [m06ws6vc] Unreliable futexes with read-only shared mappings.
Installing [b7mpy2k1] CVE-2011-1078: Information leak in Bluetooth SCO link driver.
Installing [pywfzhvz] CVE-2012-2384: Integer overflow in i915 execution buffer.
Installing [2ibdnvmo] Livelock due to invalid locking strategy when adding a leap-second.
Installing [oixf5hkj] CVE-2012-2384: Additional fix for integer overflow in i915 execution buffer.
Installing [m4x7vdnl] CVE-2012-2390: Memory leak in hugetlbfs mmap() failure.
Installing [o2a3jmox] CVE-2012-2313: Privilege escalation in the dl2k NIC.
Installing [u3qpyl86] CVE-2012-3430: kernel information leak in RDS sockets.
Installing [wr1of5oe] CVE-2012-3552: Denial-of-service in IP options handling.
Installing [y40wlmcw] CVE-2012-3412: Remote denial of service through TCP MSS option in SFC NIC.
Installing [dxshabnc] Use-after-free in USB.
Installing [aovf4isj] Race condition in SUNRPC.
Installing [trz9wa6p] CVE-2012-3400: Buffer overflow in UDF parsing.
Installing [062ge0uf] CVE-2012-3511: Use-after-free due to race condition in madvise.
Installing [tu585kp5] CVE-2012-1568: A predictable base address with shared libraries and ASLR.
Installing [fky5li3t] CVE-2012-2133: Use-after-free in hugetlbfs quota handling.
Installing [xtpg99y6] CVE-2012-5517: NULL pointer dereference in memory hotplug.
Installing [ffehzdo8] CVE-2012-4444: Prohibit reassembling IPv6 fragments when some data overlaps.
Installing [u0d6ztl3] CVE-2012-4565: Divide by zero in TCP congestion control Algorithm.
Installing [7au7wp12] CVE-2012-2100: Divide-by-zero mounting an ext4 filesystem.
Installing [80vrmgyk] CVE-2012-4530: Kernel information leak in binfmt execution.
Installing [uytq1dk0] CVE-2012-4398: Denial-of-service in kernel module loading.
Installing [3c5erej0] CVE-2013-0310: NULL pointer dereference in CIPSO socket options.
Installing [j8x8j89y] CVE-2013-0311: Privilege escalation in vhost descriptor management.
Installing [mkibg12j] CVE-2012-4508: Stale data exposure in ext4.
Installing [daw7s3mo] CVE-2012-4542: SCSI command filter does not restrict access to read-only devices.
Installing [nqlo7yy2] CVE-2013-0871: Privilege escalation in PTRACE_SETREGS.
Installing [l6zf9mec] CVE-2013-0268: /dev/cpu/*/msr local privilege escalation.
Installing [r88p6prz] CVE-2013-1798: Information leak in KVM APIC driver.
Installing [tquaqo7o] CVE-2013-1792: Denial-of-service in user keyring management.
Installing [ao71x17l] CVE-2012-6537: Kernel information leaks in network transformation subsystem.
Installing [875umolk] CVE-2013-1826: NULL pointer dereference in XFRM buffer size mismatch.
Installing [4dr93r2j] CVE-2013-1827: Denial-of-service in DCCP socket options.
Installing [cdrfdlrt] CVE-2013-0349: Kernel information leak in Bluetooth HIDP support.
Installing [9j8xk8dz] CVE-2012-6546: Information leak in ATM sockets.
Installing [4oeurjvw] CVE-2013-1767: Use-after-free in tmpfs mempolicy remount.
Installing [yhprsmoc] CVE-2013-1773: Heap buffer overflow in VFAT Unicode handling.
Installing [amh400jp] CVE-2012-6547: Kernel stack leak from TUN ioctls.
Installing [532069fc] CVE-2013-1774: NULL pointer dereference in USB Inside Out Edgeport serial driver.
Installing [uaslykxk] CVE-2013-2017: Double free in Virtual Ethernet Tunnel driver (veth).
Installing [1vegmzxj] CVE-2013-1943: Local privilege escalation in KVM memory mappings.
Installing [wddz9qxt] CVE-2012-6548: Information leak in UDF export.
Installing [d51dm2vs] CVE-2013-0914: Information leak in signal handlers.
Installing [sxb5x0pd] CVE-2013-2852: Invalid format string usage in Broadcom B43 wireless driver.
Installing [vzlh2p9r] CVE-2013-3222: Kernel stack information leak in ATM sockets.
Installing [l1wlz1f1] CVE-2013-3224: Kernel stack information leak in Bluetooth sockets.
Installing [m0y7j4ra] CVE-2013-3225: Kernel stack information leak in Bluetooth rfcomm.
Installing [3m5ckvvm] CVE-2013-3301: NULL pointer dereference in tracing sysfs files.
Installing [o44ucnfs] CVE-2013-2634, 2635: Kernel leak in data center bridging and netlink.
Installing [0m3a5xq8] CVE-2013-2128: Denial of service in TCP splice.
Installing [2fg4nowt] CVE-2013-2232: Memory corruption in IPv6 routing cache.
Installing [m4a0xb93] CVE-2012-6544: Information leak in Bluetooth L2CAP socket name.
Installing [pqfoprcp] CVE-2013-2237: Information leak on IPSec key socket.
Installing [i1ha5yp7] CVE-2013-4162: Denial-of-service with IPv6 sockets with UDP_CORK.
Installing [aqfegdn1] CVE-2013-4299: Information leak in device mapper persistent snapshots.
Installing [oojymn3l] CVE-2013-4387: Memory corruption in IPv6 UDP fragmentation offload.
Installing [kb7zovzd] CVE-2013-0343: Denial of service in IPv6 privacy extensions.
Installing [7ew8svwd] Off-by-one error causes reduced entropy in kernel PRNG.
Installing [v3hs5diu] CVE-2013-2888: Memory corruption in Human Input Device processing.
Installing [aew2tmdl] CVE-2013-2889: Memory corruption in Zeroplus HID driver.
Installing [ox2wqeva] CVE-2012-6545: Information leak in Bluetooth RFCOMM socket name.
Installing [w9rhkfub] CVE-2013-1928: Kernel information leak in compat_ioctl/VIDEO_SET_SPU_PALETTE.
Installing [r55nqyci] CVE-2013-2164: Kernel information leak in the CDROM driver.
Installing [1vgf62zi] CVE-2013-2234: Information leak in IPsec key management.
Installing [hc532irb] CVE-2013-2851: Format string vulnerability is software RAID device names.
Installing [e129vh8h] CVE-2013-4592: Denial-of-service in KVM IOMMU mappings.
Installing [9wzwcaep] CVE-2013-2141: Information leak in tkill() and tgkill() system calls.
Installing [ufm8ladu] CVE-2013-4470: Memory corruption in IPv4 and IPv6 networking corking with UFO.
Installing [5rh9jkmi] CVE-2013-6367: Divide-by-zero in KVM LAPIC.
Installing [ur8700aj] CVE-2013-6368: Memory corruption in KVM virtual APIC accesses.
Installing [nyg2e0m1] Error in the tag insertion logic of the bonding network device.
Installing [1ekik21n] CVE-2013-2929: Incorrect permissions check in ptrace with dropped privileges.
Installing [m8de4fmg] CVE-2013-7263, CVE-2013-7265: Information leak in IPv4, IPv6 and PhoNet socket recvmsg.
Installing [p4ufjdr0] CVE-2014-0101: NULL pointer dereference in SCTP protocol.
Installing [o86dh6ww] Use-after-free in EDAC Intel E752X driver.
Installing [b2h8hej4] Deadlock in XFS filesystem when removing a inode from namespace.
Installing [nvhmnvp6] Memory leak in GFS2 filesystem for files with short lifespan.
Installing [7brqevk0] CVE-2013-1860: Buffer overflow in Wireless Device Management driver.
Installing [4nh0vuhi] Missing check in selinux for IPSec TCP SYN-ACK packets.
Installing [zvvk1k2q] Logic error in selinux when checking permissions on recv socket.
Installing [2mxh0jvn] CVE-2013-(726, 727, 322, 3231): Information leaks in recvmsg.
Installing [1r5tw9sm] CVE-2013-6383: Missing capability check in AAC RAID compatibility ioctl.
Installing [z4k7xryp] CVE-2014-2523: Remote crash via DCCP conntrack.
Installing [pi89wa2j] CVE-2014-1737, CVE-2014-1738: Local privilege escalation in floppy ioctl.
Installing [b4x8o44g] CVE-2014-0196: Pseudo TTY device write buffer handling race.
Installing [s8s7tfsm] CVE-2014-3153: Local privilege escalation in futex requeueing.
Installing [bqk9mi1j] CVE-2013-6378: Denial-of-service in Marvell 8xxx Libertas WLAN driver.
Installing [rokmr7ey] CVE-2014-1874: Denial-of-service in SELinux on empty security context.
Installing [hxq9cdju] CVE-2014-0203: Memory corruption on listing procfs symbolic links.
Installing [n6kpf53d] CVE-2014-4699: Privilege escalation in ptrace() RIP modification.
Installing [pbab6ibn] CVE-2014-4943: Privilege escalation in PPP over L2TP setsockopt/getsockopt.
Installing [8n932y6h] CVE-2014-5077: Remote denial-of-service in SCTP on simultaneous connections.
Installing [yfh1rar2] CVE-2014-2678: NULL pointer dereference in RDS protocol when binding.
Installing [5z4hhyp3] CVE-2013-7339: NULL pointer dereference in RDS socket binding.
Installing [1vpc7i76] CVE-2012-6647: NULL pointer dereference in non-pi futexes.
Installing [ruu6bc4r] CVE-2014-3144, CVE-2014-3145: Multiple local denial of service vulnerabilities in netlink.
Installing [hgeqfh2x] CVE-2014-3917: Denial-of-service and information leak in audit syscall subsystem.
Installing [345v5a2z] CVE-2014-4667: Denial-of-service in SCTP stack when unpacking a COOKIE_ECHO chunk.
Installing [92st5y9o] CVE-2014-0205: Use-after-free in futex refcounting.
Your kernel is fully up to date.
Effective kernel version is 2.6.32-431.29.2.el6
And now, 1min 27seconds for 267 patches. both CVEs and critical fixes...