CentOS maintainer Johnny Hughes has informed the community about the availability of yet another important kernel security update, this time for users of the CentOS Linux 7 operating system series.
CentOS being derived from the freely distributed sources of Red Hat Enterprise Linux, it always receives the latest security fixes from upstream. The updated kernel packages for CentOS 7 are here to patch a total of four vulnerabilities discovered lately and patched by Red Hat.
These are a race condition flaw (CVE-2017-2636, reported by Alexander Popov) in Linux kernel’s N_HLDC driver, which could allow an unprivileged local user to gain root access by setting the HDLC line discipline on a TTY device, as well as a flaw (CVE-2017-2618) in the way Linux kernel handles the clearing of SELinux attributes on /proc/pid/attr files, which could lead to a system crash.
Also affecting Red Hat Enterprise Linux Desktop 7 users
Another flaw (CVE-2016-8650, reported by Ralf Spenneberg) marked upstream as moderate was discovered in Linux kernel’s key management subsystem, which could allow a local attacker to either cause a denial of service or crash the kernel by providing a specially crafted RSA key.
The last security flaw (CVE-2016-9793) is also marked as moderate upstream and was discovered in Linux kernel’s implementation of setsockopt for the SO_{SND|RCV}BUFFORCE setsockopt() system call. This could be used by an attacker to cause memory corruption or crash the affected system.
“Users with non-namespace CAP_NET_ADMIN are able to trigger this call and create a situation in which the sockets sendbuff data size could be negative. This could adversely affect memory allocations and create situations where the system could crash or cause memory corruption,” reads the security advisory.
CentOS 7 users are urged to update their installations to kernel-3.10.0-514.16.1.el7 as soon as possible. These issues are also affecting Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, Red Hat Enterprise Linux Server TUS 7.3, and Red Hat Enterprise Linux Workstation 7.