CloudLinux’s Mykola Naugolnyi is announcing today the immediate availability of new stable kernel security updates for the CloudLinux 7 and CloudLinux 6 operating system series.
The newly updated CloudLinux 7, CloudLinux 6 and Hybrid kernel is here to fix the recently discovered and patched CVE-2017-2636 vulnerability that was affecting the Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, and Red Hat Enterprise MRG (Messaging, Realtime and Grid) 2 operating systems.
CloudLinux is based on Red Hat Enterprise Linux (RHEL), which means that it always backports its security patches, and CVE-2017-2636 is marked upstream with an “important impact” on your systems. The security flaw appears to allow an unprivileged local user to gain root access on the vulnerable machines.
“A race condition flaw was found in the N_HLDC Linux kernel driver when accessing n_hdlc.tbuf list that can lead to double free. A local, unprivileged user able to set the HDLC line discipline on the tty device could use this flaw to increase their privileges on the system,” reads the upstream Red Hat CVE database.
Update your installations immediately to fix the issue
To fix the security issue, CloudLinux users are recommended to update their installations to kernel version 3.10.0-427.36.1.lve1.4.40, which is now available from the production repositories of CloudLinux 7 and CloudLinux 6 releases. To update, simply run the following commands in a terminal emulator or the virtual console, and don’t forget to reboot your computers for the new kernel version to take effect.
For CloudLinux 7
yum install kernel-3.10.0-427.36.1.lve1.4.40.el7 kmod-lve-1.4-40.el7
For CloudLinux 6
yum install kernel-2.6.32-673.26.1.lve1.4.23.el6 kmod-lve-1.4-23.el6
For CloudLinux 5 Hybrid
yum install kernel-2.6.32-673.26.1.lve1.4.23.el5h kmod-lve-1.4-23.el5h
