CloudLinux Blog - CloudLinux 7 and CloudLinux 6 Hybrid kernel updated

CloudLinux 7 and CloudLinux 6 Hybrid kernel updated

CloudLinux 7 and CloudLinux 6 Hybrid kernel updated

CloudLinux 7 and CloudLinux 6 Hybrid kernel version 3.10.0-714.10.2.lve1.5.19.3 is now available for download from our production repository.

Changelog:

  • CLKRN-323: a flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A remote attacker could use this flaw to trigger time and calculation expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions by sending specially modified packets within ongoing TCP sessions which could lead to a CPU saturation and hence a denial of service on the system. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port, thus the attacks cannot be performed using spoofed IP addresses;
  • CLKRN-320: fixed the CVE-2017-18344.
    posix-timer: properly check sigevent->sigev_notify.
    The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn’t properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allows userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE).

To install a new kernel, please use the following commands.

CloudLinux 7:

yum install kernel-3.10.0-714.10.2.lve1.5.19.3.el7

CloudLinux 6:

yum install kernel-3.10.0-714.10.2.lve1.5.19.3.el6h
mod_lsapi updated
Alt-PHP updated
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Sunday, 19 January 2020

Captcha Image

By submitting your comment, you agree with Cloudlinux Privacy Policy