CentOS has received a new update that fixes important kernel vulnerabilities. The update has been specifically designed for systems running on CentOS 7.
Johnny Hughes, the maintainer of CentOS, has published a security advisory detailing the five vulnerabilities addressed by the latest update. Hughes highlights that the update fixes a remote code execution vulnerability (CVE-2017-7477). The vulnerability could allow remote attackers escalate privileges by allocating heap memory in Linux kernel to build the scatter gather list from fragment list in the socket buffer.
Another remote code execution vulnerability (CVE-2017-7645) has been patched in the update. The vulnerability affected NFS2/3 RPC client that could let users send long arguments to the NFS server and let an attacker crash the kernel.
Third important vulnerability (CVE-2017-7895) patched in this security release was discovered in NFSv2 and NFSv3 server implementations. Another vulnerability (CVE-2017-2583) was found in virtual machine support in the kernel while the last important security flaw (CVE-2017-6214) was found in the kernel’s packet handling with URG flags. A remote attacker could force the kernel to enter an infinite loop using this vulnerability.
The CentOS maintainer has pushed the update kernel-3.10.0-514.26.1.el7 in the stable repository of the OS. All the CentOS 7 users are recommended to update their systems immediately.