All users are urged to update their systems immediately

Feb 28, 2017 01:36 GMT

CentOS developer and maintainer Johnny Hughes announced the availability of an important Linux kernel security update for all users of the CentOS 5 operating system series.

The CentOS Errata and Security Advisory 2017:0323 has been marked as important, and it urges users to update their CentOS 5 installations to either kernel-2.6.18-419.el5, kernel-PAE-2.6.18-419.el5, or kernel-xen-2.6.18-419.el5, which are available for both 32-bit (i686) and 64-bit (x86_64) machines, along with the source package.

CentOS 5 is a free and open-source GNU/Linux distribution based on the freely distributed sources of the commercial Red Hat Enterprise Linux 5 operating system series. Therefore, this important kernel update is based on the upstream kernel available for Red Hat Enterprise Linux (RHEL) 5.

CVE-2017-6074 and CVE-2017-2634 have been patched

The kernel update patches two recently discovered security issues, namely CVE-2017-6074 and CVE-2017-2634. The first one is a use-after-free in the Linux kernel's DCCP (Datagram Congestion Control Protocol) implementation that allows an unprivileged local user to gain root access by corrupting kernel memory.

The second one was also discovered in the Linux kernel's DCCP implementation, specifically in the way it uses the IPv4-only inet_sk_rebuild_header() function for both IPv6 and IPv4 DCCP connections. Memory corruption could result from this flaw, allowing a remote attacker to crash the vulnerable system.

"This update disables the DCCP kernel module at load time by using the kernel module blacklist method. The module is disabled in an attempt to reduce further exposure to additional issues. Please see Red Hat Bugzilla (BZ#1425177) for additional information," reads the RHSA-2017:0323-1 security advisory.

CentOS 5 users are urged to update their systems to the new kernel builds mentioned above as soon as possible. As expected, these issues also affect Red Hat Enterprise Linux 5 Server and Red Hat Enterprise Linux 5 Desktop, whose users are likewise urged to update immediately. Don't forget to reboot your machines!
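The advisory gives a defender two facts to verify on each CentOS 5 host: the running kernel should be release 2.6.18-419.el5 or later, and the dccp module should be disabled through the modprobe blacklist mechanism. The POSIX shell snippet below is an added example, not code from the advisory or from the CentOS project; it takes the `uname -r` string and the text of the modprobe configuration as arguments so it can be exercised on constructed samples, and it classifies a host as patched, mitigated only (old kernel but DCCP disabled), or vulnerable. The sample configuration file name and the acceptance of the `install dccp /bin/true` form are assumptions of this example, not details from the advisory.

```shell
#!/bin/sh
# Added example: remediation check for CESA-2017:0323 / RHSA-2017:0323 on CentOS 5.
# Not part of the advisory; the file name below is a constructed sample.

FIXED_RELEASE=419   # from kernel-2.6.18-419.el5 named in the advisory

# kernel_release_num "2.6.18-398.el5" -> prints 398
kernel_release_num() {
    rel=${1#*-}        # text after the first '-'  : 398.el5
    rel=${rel%%.*}     # text before the first '.' : 398
    printf '%s\n' "$rel"
}

# kernel_is_fixed UNAME_R : 0 if a 2.6.18 kernel at or above the fixed release
kernel_is_fixed() {
    case "$1" in
        2.6.18-*) ;;
        *) return 1 ;;                    # not a CentOS 5 kernel string
    esac
    n=$(kernel_release_num "$1")
    case "$n" in
        ''|*[!0-9]*) return 1 ;;          # release part is not numeric
    esac
    [ "$n" -ge "$FIXED_RELEASE" ]
}

# dccp_blacklisted CONF_TEXT : 0 if a non-comment line disables the dccp module.
# The advisory uses the blacklist directive; "install dccp /bin/true" is the
# other common form and is accepted here as well (assumption of this example).
dccp_blacklisted() {
    printf '%s\n' "$1" | grep -Eq \
      '^[[:space:]]*(blacklist[[:space:]]+dccp|install[[:space:]]+dccp[[:space:]]+/bin/(true|false))([[:space:]]|$)'
}

# assess_host UNAME_R CONF_TEXT : prints patched | mitigated-only | vulnerable
assess_host() {
    if kernel_is_fixed "$1"; then
        echo patched
    elif dccp_blacklisted "$2"; then
        echo mitigated-only
    else
        echo vulnerable
    fi
}

# Constructed sample inputs (not from a real host):
SAMPLE_OLD_KERNEL='2.6.18-398.el5'
SAMPLE_NEW_KERNEL='2.6.18-419.el5'
SAMPLE_CONF='# /etc/modprobe.d/dccp-blacklist.conf (constructed sample)
# disable DCCP per CESA-2017:0323
blacklist dccp'
SAMPLE_EMPTY_CONF='# nothing disabled here'

# Stand-alone demonstration; on a live host use "$(uname -r)" and
# "$(cat /etc/modprobe.d/*.conf 2>/dev/null)" instead of the samples.
echo "old kernel, dccp blacklisted : $(assess_host "$SAMPLE_OLD_KERNEL" "$SAMPLE_CONF")"
echo "old kernel, nothing disabled : $(assess_host "$SAMPLE_OLD_KERNEL" "$SAMPLE_EMPTY_CONF")"
echo "fixed kernel                 : $(assess_host "$SAMPLE_NEW_KERNEL" "$SAMPLE_EMPTY_CONF")"
```

Two caveats matter when reading the result. A `blacklist dccp` line only prevents alias-based autoloading (for example when a process opens a DCCP socket); an explicit `modprobe dccp` by root still loads the module, which is why the `install dccp /bin/true` form is often preferred. And a "mitigated-only" verdict means the fixed package may already be installed but the host is still running the old kernel, which is exactly the reboot the article ends on.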