I am running CentOS 6.9 server.
I have been reading about a security vulnerability CVE-2017-1000253.
Is there a patch for CentOS 6.9?
I have auto update via yum-cron, how can I tell if that patch has been applied?
CentOS 6.9 CVE-2017-1000253 vulnerability
Re: CentOS 6.9 CVE-2017-1000253 vulnerability
This is fixed in kernel 2.6.32-696.10.3.
First, run uname -a. If this shows kernel version 2.6.32-696.10.3 (or later) you're good and you can stop here.
If not (and it shows an older 2.6.32-xxx version), run yum update. Then run rpm -q kernel and see if the 2.6.32-696.10.3 kernel is listed. If it is, you have installed the kernel that contains the fix, but you will still need to reboot your server to start using the new kernel. This can be done with shutdown -r now. When the server is back up, confirm that you are running 2.6.32-696.10.3 by running uname -a again.
First, run uname -a. If this shows kernel version 2.6.32-696.10.3 (or later) you're good and you can stop here.
If not (and it shows an older 2.6.32-xxx version), run yum update. Then run rpm -q kernel and see if the 2.6.32-696.10.3 kernel is listed. If it is, you have installed the kernel that contains the fix, but you will still need to reboot your server to start using the new kernel. This can be done with shutdown -r now. When the server is back up, confirm that you are running 2.6.32-696.10.3 by running uname -a again.
Re: CentOS 6.9 CVE-2017-1000253 vulnerability
uname -a shows I have 2.6.32-696.10.2.el6.x86_64
[root@server ~]# rpm -q kernel
kernel-2.6.32-696.3.2.el6.x86_64
kernel-2.6.32-696.6.3.el6.x86_64
kernel-2.6.32-696.10.1.el6.x86_64
kernel-2.6.32-696.10.2.el6.x86_64
kernel-2.6.32-696.10.3.el6.x86_64
How do I specify that I want to install kernel-2.6.32-696.10.3.el6.x86_64?
[root@server ~]# rpm -q kernel
kernel-2.6.32-696.3.2.el6.x86_64
kernel-2.6.32-696.6.3.el6.x86_64
kernel-2.6.32-696.10.1.el6.x86_64
kernel-2.6.32-696.10.2.el6.x86_64
kernel-2.6.32-696.10.3.el6.x86_64
How do I specify that I want to install kernel-2.6.32-696.10.3.el6.x86_64?
Re: CentOS 6.9 CVE-2017-1000253 vulnerability
From my above message: "... but you will still need to reboot your server to start using the new kernel. This can be done with shutdown -r now. When the server is back up, confirm that you are running 2.6.32-696.10.3 by running uname -a again."
Re: CentOS 6.9 CVE-2017-1000253 vulnerability
Sorry, I misunderstood you. I thought I had to install the update manually.
I rebooted the server and the new kernel took effect.
Thank you.
I rebooted the server and the new kernel took effect.
Thank you.