CVE-2018-8781 resolution for Centos 7

Support for security such as Firewalls and securing linux
Post Reply
bayupermadi
Posts: 7
Joined: 2017/07/03 05:20:55
Location: Malang, Indonesia

CVE-2018-8781 resolution for Centos 7

Post by bayupermadi » 2018/05/16 10:17:28

Hi,

I just announced by our security that new CVE known CVE-2018-8781 has published. Based on my understanding, this vulnerability hit the USB module. I've check the Redhat webpage about this but cannot find the resolution. Here is the page https://access.redhat.com/security/cve/cve-2018-8781

I've tried to upgrade our Centos to kernel 3.10.0-862.2.3.el7.x86_64, but from rpm changelog information no update for CVE-2018-8781.

Can you help where I can get the information of the kernel fixing status?

Thank you for your information,

Bayu Permadi

User avatar
avij
Retired Moderator
Posts: 3046
Joined: 2010/12/01 19:25:52
Location: Helsinki, Finland
Contact:

Re: CVE-2018-8781 resolution for Centos 7

Post by avij » 2018/05/16 10:21:58

That page you linked to (and the related Bugzilla entry) has all the information that is available.

If you are looking for a schedule for when a fix might be published, that information is not available either.

User avatar
TrevorH
Site Admin
Posts: 33191
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: CVE-2018-8781 resolution for Centos 7

Post by TrevorH » 2018/05/16 12:05:52

There doesn't appear to be a udldrmfb module but there is a udl module that appears to be the thing affected. Since this is for USB attached displays, if you don't use one then you could mitigate this by blacklisting that module so it will not load.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

Post Reply