You are using an ages old CentOSPlus kernel. See if yum update kernel* --enablerepo=centosplus helps.yst1979 wrote:May I know if more patch for CentOS will be released or should I just gnore the return message?
Stack Clash / Stack Guard Page vulnerability ...
Re: Stack Clash / Stack Guard Page vulnerability ...
Re: Stack Clash / Stack Guard Page vulnerability ...
Also, your running kernel version will not change until you reboot after installing a newer one.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: Stack Clash / Stack Guard Page vulnerability ...
To avij & TrevorH
Thanks for the reply, after digging more, I found that I did successfully download the
initramfs-2.6.32-696.3.2.el6.centos.plus.x86_64.img and vmlinuz-2.6.32-696.3.2.el6.centos.plus.x86_64 to my system,
but for some reason, uname -ar keeps showing me the older version of kernel even after rebooting.
Then I found that both my /boot/grub/grub.conf and menu.lst are not updated, still using the older version, so I changed them manually to the newest version.
I know those 2 files should be updated accordingly but for some reason it was not in my case, but I think by changing it manually should mean the same thing, so.... I guess it is a problem solved... XD
Thanks, Sincerely,
Thanks for the reply, after digging more, I found that I did successfully download the
initramfs-2.6.32-696.3.2.el6.centos.plus.x86_64.img and vmlinuz-2.6.32-696.3.2.el6.centos.plus.x86_64 to my system,
but for some reason, uname -ar keeps showing me the older version of kernel even after rebooting.
Then I found that both my /boot/grub/grub.conf and menu.lst are not updated, still using the older version, so I changed them manually to the newest version.
I know those 2 files should be updated accordingly but for some reason it was not in my case, but I think by changing it manually should mean the same thing, so.... I guess it is a problem solved... XD
Thanks, Sincerely,
Re: Stack Clash / Stack Guard Page vulnerability ...
If you are having problems with grub such as new kernels not being detected you should check the symlink exists between /etc/grub.conf -> ../boot/grub/grub.conf (CentOS 6) or /etc/grub2.cfg -> ../boot/grub2/grub.cfg or /etc/grub2-efi.cfg -> ../boot/efi/EFI/centos/grub.cfg (CentOS 7)
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
-
- Posts: 10642
- Joined: 2005/08/05 15:19:54
- Location: Northern Illinois, USA
Re: Stack Clash / Stack Guard Page vulnerability ...
yst1979, you did not reboot after updating the kernel.
Current kernel is 2.6.32-696.3.2.
Current kernel is 2.6.32-696.3.2.
Re: Stack Clash / Stack Guard Page vulnerability ...
Try runningyst1979 wrote:Dear all,
I have updated my system with command
yum update glibc kernel*
after this, I ran test script provided by Redhat at URL
https://access.redhat.com/security/vuln ... stackguard under Diagnose section
and the result show that the kernel is still vulnerable.
[SNIP]
Code: Select all
yum clean all
Code: Select all
yum upgrade kernel*
-
- Posts: 3
- Joined: 2014/07/21 05:49:53
Re: Stack Clash / Stack Guard Page vulnerability ...
Hi all. Just my 2 cents. Updated my system on 22 June 2017 at 09:00 SAST. This was the result of the script.
./cve-2017-1000366_2.sh
Please remember that you must reboot after kernel updates for new kernel to take effect.
Regards
./cve-2017-1000366_2.sh
Code: Select all
This script is primarily designed to detect CVE-1000366 on supported
Red Hat Enterprise Linux systems and kernel packages.
Result may be inaccurate for other RPM based systems.
Detected 'glibc' packages are:
glibc-2.17-157.el7_3.4.i686
glibc-2.17-157.el7_3.4.x86_64
Detected running kernel is '3.10.0-514.21.2.el7.x86_64'.
This 'glibc' version is not vulnerable.
This 'kernel' version is not vulnerable.
Regards
Re: Stack Clash / Stack Guard Page vulnerability ...
If the symlink from /etc/grub2.cfg to /boot/grub2/grub.cfg is broken then the kernel installs will update /etc/grub2.cfg but due to the broken symlink, the copy of the file in /boot/grub2/grub.cfg that grub actually uses during boot will not have those changes. It should look like this
Code: Select all
lrwxrwxrwx. 1 root root 22 Nov 26 2016 /etc/grub2.cfg -> ../boot/grub2/grub.cfg
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: Stack Clash / Stack Guard Page vulnerability ...
TrevorH wrote:If the symlink from /etc/grub2.cfg to /boot/grub2/grub.cfg is broken then the kernel installs will update /etc/grub2.cfg but due to the broken symlink, the copy of the file in /boot/grub2/grub.cfg that grub actually uses during boot will not have those changes. It should look like this
Code: Select all
lrwxrwxrwx. 1 root root 22 Nov 26 2016 /etc/grub2.cfg -> ../boot/grub2/grub.cfg
Thanks a lot for the info!! after checking out, that's exactly where the problem was!! Don't know why grub.conf was missing under my /etc
But after adding it back, with ln -s, test it with reinstall kernel and everything went normal!!
Once again, thanks for the info, including the other post regarding grub.conf too, help me a lot!
Sincerely,