CloudLinux OS Blog - Beta: CloudLinux 7 and CloudLinux 6 Hybrid kernel updated
CloudLinux OS Blog

Beta: CloudLinux 7 and CloudLinux 6 Hybrid kernel updated

Beta: CloudLinux 7 and CloudLinux 6 Hybrid kernel updated

CloudLinux 7 and CloudLinux 6 Hybrid kernel version 3.10.0-793.21.1.lve1.5.20 is now available for download from our updates-testing repository.

Main features:

  • KASLR support.

    Kernel address space layout randomization (KASLR), which was previously available as a Technology Preview, is fully supported in Red Hat Enterprise Linux 7.5 on the AMD64 and Intel 64 architectures. KASLR is a kernel feature that contains two parts, kernel text KASLR and mm KASLR.
    These two parts work together to enhance the security of the Linux kernel.

  • Retpoline support.

    A retpoline is designed to protect against the branch target injection (CVE‌-2017-5715) exploit. This is an attack where an indirect branch instruction in the kernel is used to force the speculative execution of an arbitrary chunk of code. The chosen code is a "gadget" that is somehow useful to an attacker. For example, a code can be chosen so that it will leak kernel data through how it affects the cache. The retpoline prevents this exploit by simply replacing all indirect branch instructions with a return instruction.

  • CLKRN‌-290: fixed CVE‌-2018-3665.

    The security flaw takes advantage of one of the ways the Linux kernel saves and restores the state of the Floating Point Unit (FPU) when switching tasks – specifically the Lazy FPU Restore scheme. Malware or malicious users can take advantage of the vulnerability to grab encryption keys.

Changelog:

  • CLKRN‌-272: added a workaround to avoid crash with 32bit binary;
  • CLKRN‌-314: fixed boot on Xen in PV mode;
  • CLKRN‌-319: fixed assertion on XFS partition file removal;
  • CLKRN‌-320: fixed CVE‌-2017-18344.

To install a new kernel, please use the following command:

CloudLinux 7:

yum install kernel-3.10.0-793.21.1.lve1.5.20.el7 --enablerepo=cloudlinux-updates-testing

CloudLinux 6 Hybrid:

yum install kernel-3.10.0-793.21.1.lve1.5.20.el6h --enablerepo=cloudlinux-hybrid-testing
EasyApache 4 updated
LVE Manager for cPanel updated
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Saturday, 24 August 2019

Captcha Image