HomeContentNewsCentOS 7 security update patches five critical vulnerabilities

CentOS 7 security update patches five critical vulnerabilities

- Advertisement -

 

CentOS has received a new update that fixes important kernel vulnerabilities. The update has been specifically designed for systems running on CentOS 7.

Johnny Hughes, the maintainer of CentOS, has published a security advisory detailing the five vulnerabilities addressed by the latest update. Hughes highlights that the update fixes a remote code execution vulnerability (CVE-2017-7477). The vulnerability could allow remote attackers escalate privileges by allocating heap memory in Linux kernel to build the scatter gather list from fragment list in the socket buffer.

- Advertisement -

Another remote code execution vulnerability (CVE-2017-7645) has been patched in the update. The vulnerability affected NFS2/3 RPC client that could let users send long arguments to the NFS server and let an attacker crash the kernel.

Third important vulnerability (CVE-2017-7895) patched in this security release was discovered in NFSv2 and NFSv3 server implementations. Another vulnerability (CVE-2017-2583) was found in virtual machine support in the kernel while the last important security flaw (CVE-2017-6214) was found in the kernel’s packet handling with URG flags. A remote attacker could force the kernel to enter an infinite loop using this vulnerability.

The CentOS maintainer has pushed the update kernel-3.10.0-514.26.1.el7 in the stable repository of the OS. All the CentOS 7 users are recommended to update their systems immediately.

- Advertisement -
Rajat Kabade
Rajat Kabade
Rajat is into blogging since he was in the high-school. He’s an Android geek, known for his work on Android ROMs & Kernels on XDA developers forum. He manages Google Developer Group Pune community.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Thought Leaders

Open Journey

- Advertisement -

MOST POPULAR