Users should update their installations as soon as possible

May 31, 2018 13:31 GMT  ·  By

CentOS Linux developer Johnny Hughes announced the availability of a new kernel security update is now available for the CentOS Linux 7 operating system series that addresses various security issues.

Being based on the Red Hat Enterprise Linux 7 operating system series, CentOS Linux 7 follows a rolling release model where the user installs once and receives regular updates forever. There's no need to reinstall your healthy CentOS Linux installation when a new release is out, but you should keep it up-to-date at all times.

A new kernel security update was released upstream by Red Hat for the Red Hat Enterprise Linux 7 operating system series, which addresses a total of six security vulnerabilities discovered and reported by various security researchers. The kernel security update is now also available for CentOS Linux 7 users.

Among the issues fixed by this new kernel security update, which CentOS developers marked as important, we can mention an error in exception handling for the KVM implementation that could lead to wrong debug stack value (CVE-2018-1087) and an issue in kernel's exception handling leading to a denial of service (CVE-2018-8897).

Other issues fixed include a use-after-free (CVE-2017-16939) in the IPsec secure network protocol suite leading to potential privilege escalation, an out-of-bounds write vulnerability via userland offsets in the ebt_entry struct function in netfilter/ebtables.c (CVE-2018-1068), as well as a guest kernel crash on POWER9 hosts (CVE-2018-1091).

CentOS Linux 7 users need to update their kernels immediately

Also patched is a vulnerability (CVE-2018-1000199) in Linux kernel's ptrace() function, which incorrectly handled errors, leading to corruption and denial of service. For more details about these security vulnerabilities, please consider studying the upstream security advisory published by Red Hat.

All CentOS Linux 7 users are urged to update their kernels immediately to version kernel-3.10.0-862.2.3.el7.x86_64.rpm. The kernel security patch will also update various other packages related to the kernel, including perf-3.10.0-862.2.3.el7.x86_64.rpm and python-perf-3.10.0-862.2.3.el7.x86_64.rpm. Additional details can be found in the security notice.