14 DAY TRIAL // A new CloudLinux 7 kernel is live, only two days after announcing the release of kernel version 3.10.0-427.36.1.lve1.4.26 and one day after the release of a patched KernelCare against the CVE-2016-8655 vulnerability.
CloudLinux's Mykola Naugolnyi informs those who use the enterprise-ready Red Hat Enterprise Linux-based CloudLinux 7 operating system on their infrastructures that an updated kernel version, tagged as build 3.10.0-427.18.2.lve1.4.27, is out and fully patched against the five-year-old privilege-escalation vulnerability found recently.
Security researcher Philip Pettersson is the one that discovered the flaw, which is a race condition in Linux kernel's raw packet sockets implementation in the networking subsystem, which could have allowed an unprivileged local attacker capable of opening a raw packet socket to elevate their privileges on the vulnerable system.
"In order to exploit this issue the attacker needs CAP_NET_RAW capability, which needs to be granted by the administrator to the attacker's account. Since Red Hat Enterprise Linux 7 does not have unprivileged user namespaces enabled by default, local unprivileged users also cannot abuse namespaces to grant this capability to themselves and elevate their privileges," reads CVE-2016-8655.
CloudLinux 7 users are urged to update their systems immediately
The security flaw can be corrected by updating your CloudLinux 7 system to kernel 3.10.0-427.18.2.lve1.4.27, which is now live for all users using the operating system without the KernelCare live patching service. This means that after a standard system update, you need to reboot your computer to make all the necessary changes.
To install new kernel updates on your CloudLinux 7 operating system, you'll need to execute the command below in a terminal emulator or a virtual console. Please note that the newly updated CloudLinux 7 kernel version is available from the updates-testing repository, which will be enabled automatically. For those new to CloudLinux, this is the OS for hosting providers and data centers.
yum install kernel-3.10.0-427.18.2.lve1.4.27 kmod-lve-1.4-27.el7 --enablerepo=cloudlinux-updates-testing