CloudLinux 7 and CloudLinux 6 Hybrid kernel updated

[Inessa Atmachian]

CloudLinux 7 and CloudLinux 6 Hybrid kernel version 3.10.0-714.10.2.lve1.5.19.3 is now available for download from our production repository.

Changelog:

• CLKRN-323: a flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A remote attacker could use this flaw to trigger time and calculation expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions by sending specially modified packets within ongoing TCP sessions which could lead to a CPU saturation and hence a denial of service on the system. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port, thus the attacks cannot be performed using spoofed IP addresses;
• CLKRN-320: fixed the CVE-2017-18344.
  posix-timer: properly check sigevent->sigev_notify.
  The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn’t properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allows userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE).

To install a new kernel, please use the following commands.

CloudLinux 7:

yum install kernel-3.10.0-714.10.2.lve1.5.19.3.el7

CloudLinux 6:

yum install kernel-3.10.0-714.10.2.lve1.5.19.3.el6h

--

Regards,

Inessa Atmachian  |  Technical Writer
89213630833  |  Skype: fitch44


CloudLinux.com  |  KernelCare.com |  Imunify360 

helpdesk.cloudlinux.com: 24/7Free, exceptionally good support
Follow twitter.com/CloudLinuxOS for technical updates