
Important CentOS 7 Linux Kernel Security Update Addresses Five Vulnerabilities





CentOS maintainer Johnny Hughes informs the community of the Red Hat Enterprise Linux-based and security-oriented operating system about the availability of an important kernel update.


As CentOS is based on the freely distributed sources of the Red Hat Enterprise Linux operating system, it also inherits its security updates, and the latest one patches five vulnerabilities discovered recently in the kernel packages of Red Hat Enterprise Linux 7, affecting CentOS 7 users too.


According to the upstream security advisory, which was marked by Red Hat as important, the updated kernel packages were patched against a buffer overflow (CVE-2017-7308) discovered in the Linux kernel's packet_set_ring() function, which could allow a local attacker with CAP_NET_RAW access to crash the system.


Another vulnerability (CVE-2016-8646) was discovered in the Linux kernel's shash_async_export() function, which lets unprivileged local users attempt forcing the in-kernel hashing algorithms into decrypting an empty data set. Additionally, it was found that mounting a crafted EXT4 partition as read-only could lead to SLAB-Out-of-Bounds reads and memory corruption (CVE-2016-10208).


Users are urged to update to kernel-3.10.0-514.21.1.el7


The fourth security issue (CVE-2017-5986) patched in this update is about malicious applications that could trigger a BUG_ON in Linux kernel's sctp_wait_for_sndbuf function if the socket tx buffer is full. More details on this flaw can be found on the respective CVE report and Red Hat's security advisory.


Finally, the fifth security flaw (CVE-2016-7910) was discovered in Linux kernel's implementation of seq_file, which could allow a local attacker to manipulate memory in the put() function pointer, thus leading to memory corruption or allowing the attacker to escalate his/her privileges on the vulnerable system.


CentOS 7 users are urged to update their installations to kernel-3.10.0-514.21.1.el7 as soon as possible. To perform a full system update, type the "su -c 'yum update'" command in your favorite terminal emulator or virtual console. After a kernel update, make sure that you reboot your computer for the new version to take effect.
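To confirm that a host is really running the fixed build after the update and reboot, the following added example (not part of the original article or of CentOS tooling) compares a `uname -r` string against kernel-3.10.0-514.21.1.el7. The function names are hypothetical, the comparison is a simplified approximation of RPM's version ordering, and the status strings are this example's own.

```shell
#!/bin/sh
# Added example: compare a kernel release against the fixed build from the article.
FIXED="3.10.0-514.21.1.el7"

# Split a release string into runs of digits or letters; separators are dropped.
segments() {
    printf '%s\n' "$1" | sed -E -e 's/[^0-9A-Za-z]+/ /g' \
        -e 's/([0-9])([A-Za-z])/\1 \2/g' -e 's/([A-Za-z])([0-9])/\1 \2/g' \
        -e 's/^ //' -e 's/ $//'
}

# vercmp A B: print 1 if A is newer, -1 if older, 0 if equal.
# Simplified form of RPM's ordering (an assumption of this example): numbers
# compare as integers, a numeric segment beats an alphabetic one, and the
# string with segments left over wins a tie.
vercmp() {
    a=$(segments "$1"); b=$(segments "$2")
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%% *}; y=${b%% *}
        if [ -z "$x" ]; then echo -1; return 0; fi
        if [ -z "$y" ]; then echo 1; return 0; fi
        case $x in *[!0-9]*) xn=0 ;; *) xn=1 ;; esac
        case $y in *[!0-9]*) yn=0 ;; *) yn=1 ;; esac
        if [ "$xn$yn" = 11 ]; then
            if [ "$x" -gt "$y" ]; then echo 1; return 0; fi
            if [ "$x" -lt "$y" ]; then echo -1; return 0; fi
        elif [ "$xn" != "$yn" ]; then
            if [ "$xn" = 1 ]; then echo 1; else echo -1; fi; return 0
        elif [ "$x" != "$y" ]; then
            low=$(printf '%s\n%s\n' "$x" "$y" | LC_ALL=C sort | head -n 1)
            if [ "$low" = "$x" ]; then echo -1; else echo 1; fi; return 0
        fi
        case $a in *" "*) a=${a#* } ;; *) a= ;; esac
        case $b in *" "*) b=${b#* } ;; *) b= ;; esac
    done
    echo 0
}

# kernel_status RELEASE: print "patched" or "needs-update" for a `uname -r` string.
kernel_status() {
    rel=$1
    for arch in x86_64 i686 aarch64 ppc64le ppc64 s390x; do rel=${rel%."$arch"}; done
    if [ "$(vercmp "$rel" "$FIXED")" -ge 0 ]; then echo patched; else echo needs-update; fi
}

# The running kernel stays at the old version until the machine is rebooted.
echo "running kernel $(uname -r): $(kernel_status "$(uname -r)")"
```

A host that has installed the update but still reports needs-update has not been rebooted into the new kernel yet.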


