Stack Clash / Stack Guard Page vulnerability ...

[avij]

May I know if more patch for CentOS will be released or should I just gnore the return message?

You are using an ages old CentOSPlus kernel. See if yum update kernel* --enablerepo=centosplus helps.

[TrevorH]

Also, your running kernel version will not change until you reboot after installing a newer one.

[yst1979]

To avij & TrevorH

Thanks for the reply, after digging more, I found that I did successfully download the
initramfs-2.6.32-696.3.2.el6.centos.plus.x86_64.img and vmlinuz-2.6.32-696.3.2.el6.centos.plus.x86_64 to my system,
but for some reason, uname -ar keeps showing me the older version of kernel even after rebooting.

Then I found that both my /boot/grub/grub.conf and menu.lst are not updated, still using the older version, so I changed them manually to the newest version.

I know those 2 files should be updated accordingly but for some reason it was not in my case, but I think by changing it manually should mean the same thing, so.... I guess it is a problem solved... XD

Thanks, Sincerely,

[TrevorH]

If you are having problems with grub such as new kernels not being detected you should check the symlink exists between /etc/grub.conf -> ../boot/grub/grub.conf (CentOS 6) or /etc/grub2.cfg -> ../boot/grub2/grub.cfg or /etc/grub2-efi.cfg -> ../boot/efi/EFI/centos/grub.cfg (CentOS 7)

[gerald_clark]

yst1979, you did not reboot after updating the kernel.
Current kernel is 2.6.32-696.3.2.

[wrc]

Dear all,

I have updated my system with command
yum update glibc kernel*
after this, I ran test script provided by Redhat at URL
https://access.redhat.com/security/vuln ... stackguard under Diagnose section
and the result show that the kernel is still vulnerable.
[SNIP]

Try running

Code: Select all

yum clean all

before

Code: Select all

yum upgrade kernel*

[Luckyfriend222]

Hi all. Just my 2 cents. Updated my system on 22 June 2017 at 09:00 SAST. This was the result of the script.

./cve-2017-1000366_2.sh

Code: Select all

This script is primarily designed to detect CVE-1000366 on supported
Red Hat Enterprise Linux systems and kernel packages.
Result may be inaccurate for other RPM based systems.

Detected 'glibc' packages are:
glibc-2.17-157.el7_3.4.i686
glibc-2.17-157.el7_3.4.x86_64
Detected running kernel is '3.10.0-514.21.2.el7.x86_64'.

This 'glibc' version is not vulnerable.
This 'kernel' version is not vulnerable.

Please remember that you must reboot after kernel updates for new kernel to take effect.
Regards

[TrevorH]

If the symlink from /etc/grub2.cfg to /boot/grub2/grub.cfg is broken then the kernel installs will update /etc/grub2.cfg but due to the broken symlink, the copy of the file in /boot/grub2/grub.cfg that grub actually uses during boot will not have those changes. It should look like this

Code: Select all

lrwxrwxrwx. 1 root root 22 Nov 26  2016 /etc/grub2.cfg -> ../boot/grub2/grub.cfg

[yst1979]

If the symlink from /etc/grub2.cfg to /boot/grub2/grub.cfg is broken then the kernel installs will update /etc/grub2.cfg but due to the broken symlink, the copy of the file in /boot/grub2/grub.cfg that grub actually uses during boot will not have those changes. It should look like this

Code: Select all

lrwxrwxrwx. 1 root root 22 Nov 26  2016 /etc/grub2.cfg -> ../boot/grub2/grub.cfg

Thanks a lot for the info!! after checking out, that's exactly where the problem was!! Don't know why grub.conf was missing under my /etc
But after adding it back, with ln -s, test it with reinstall kernel and everything went normal!!

Once again, thanks for the info, including the other post regarding grub.conf too, help me a lot!

Sincerely,