Users need to update their systems immediately

Jun 30, 2017 16:36 GMT

CentOS maintainer Johnny Hughes recently published a new security advisory for users of the CentOS 7 operating system series to inform them about an important kernel security update.

CentOS is based on the freely distributed sources of the commercial Red Hat Enterprise Linux operating system, which means that it always inherits its most recent security patches, and the latest kernel update is here to address a total of five vulnerabilities, as well as to fix a bunch of bugs.

According to the upstream security advisory from Red Hat, the kernel update fixes a remote code execution vulnerability (CVE-2017-7477) discovered in the way the Linux kernel allocates heap memory to build the scatter-gather list from a fragment list (skb_shinfo(skb)->frag_list) in the socket buffer (skb_buff), allowing remote attackers to escalate their privileges.

Additionally, it patches a remote code execution vulnerability (CVE-2017-7645) that affected the NFS2/3 RPC client as it could send long arguments to the NFS server, allowing a remote attacker to crash the kernel, and another security flaw (CVE-2017-7895) discovered in the NFSv2 and NFSv3 server implementations.

CentOS 7 users urged to update to kernel-3.10.0-514.26.1.el7

Also patched in this latest kernel update released for CentOS 7 operating systems are a vulnerability (CVE-2017-2583) discovered in the Kernel-based Virtual Machine (CONFIG_KVM) support, and a security flaw (CVE-2017-6214) found in the Linux kernel's handling of packets with the URG flag, which could allow a remote attacker to force the kernel to enter an infinite loop.

CentOS 7 users are urged to update immediately to kernel-3.10.0-514.26.1.el7 from the stable repositories of the operating system. The upstream Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux Workstation 7, Red Hat Enterprise Linux Server 7, Red Hat Enterprise Linux HPC Node 7, and Red Hat Enterprise Linux Server TUS 7.3 releases are also affected and need to be patched.
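
To confirm that a host actually runs the fixed kernel after updating, the check below compares kernel releases against kernel-3.10.0-514.26.1.el7 and separates "fixed kernel installed but not yet booted" from "not updated". It is an added example, not part of the CentOS or Red Hat advisory; the function names are hypothetical, and it assumes el7 release strings made of numeric fields followed by the `.el7` dist tag.

```shell
#!/bin/sh
# Added example (not from the advisory). Function names are hypothetical.
FIXED="3.10.0-514.26.1.el7"   # fixed kernel release named in the article

# Return 0 if kernel release $1 is at or above $FIXED, 1 otherwise.
# Assumption: the part before ".el7" consists of numeric fields only, so a
# field-by-field numeric comparison orders releases the same way RPM does.
kernel_is_patched() {
    rel=$(printf '%s\n' "$1" | sed 's/\.el7.*$//')      # drops dist tag and arch
    fix=$(printf '%s\n' "$FIXED" | sed 's/\.el7.*$//')
    awk -v a="$rel" -v b="$fix" 'BEGIN {
        na = split(a, x, /[.-]/); nb = split(b, y, /[.-]/)
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {          # a missing field counts as 0
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0                              # identical releases
    }'
}

# Classify a host from its running release ($1) and the whitespace-separated
# list of installed kernel releases ($2).
host_status() {
    running=$1
    installed=$2
    if kernel_is_patched "$running"; then
        echo "patched"
        return
    fi
    for k in $installed; do
        if kernel_is_patched "$k"; then
            echo "reboot-required"          # update installed, old kernel still running
            return
        fi
    done
    echo "vulnerable"
}

# On a real CentOS 7 host:
#   host_status "$(uname -r)" "$(rpm -q kernel --qf '%{VERSION}-%{RELEASE}\n')"
# Constructed sample: fixed kernel installed, older kernel still running.
host_status "3.10.0-514.21.2.el7.x86_64" "3.10.0-514.21.2.el7
3.10.0-514.26.1.el7"
```

Installing the package alone does not remove the exposure: the running kernel only changes after a reboot, which is what the `reboot-required` result flags.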