CentOS 6.9 CVE-2017-1000253 vulnerability

Support for security such as Firewalls and securing linux
waltman
Posts: 9
Joined: 2016/01/05 03:20:30

CentOS 6.9 CVE-2017-1000253 vulnerability

Postby waltman » 2017/10/02 19:18:29

I am running CentOS 6.9 server.

I have been reading about a security vulnerability CVE-2017-1000253.

Is there a patch for CentOS 6.9?

I have auto update via yum-cron, how can I tell if that patch has been applied?

User avatar
avij
Forum Moderator
Posts: 2091
Joined: 2010/12/01 19:25:52
Location: Helsinki, Finland
Contact:

Re: CentOS 6.9 CVE-2017-1000253 vulnerability

Postby avij » 2017/10/02 20:18:39

This is fixed in kernel 2.6.32-696.10.3.

First, run uname -a. If this shows kernel version 2.6.32-696.10.3 (or later) you're good and you can stop here.

If not (and it shows an older 2.6.32-xxx version), run yum update. Then run rpm -q kernel and see if the 2.6.32-696.10.3 kernel is listed. If it is, you have installed the kernel that contains the fix, but you will still need to reboot your server to start using the new kernel. This can be done with shutdown -r now. When the server is back up, confirm that you are running 2.6.32-696.10.3 by running uname -a again.

waltman
Posts: 9
Joined: 2016/01/05 03:20:30

Re: CentOS 6.9 CVE-2017-1000253 vulnerability

Postby waltman » 2017/10/03 12:12:50

uname -a shows I have 2.6.32-696.10.2.el6.x86_64

[root@server ~]# rpm -q kernel
kernel-2.6.32-696.3.2.el6.x86_64
kernel-2.6.32-696.6.3.el6.x86_64
kernel-2.6.32-696.10.1.el6.x86_64
kernel-2.6.32-696.10.2.el6.x86_64
kernel-2.6.32-696.10.3.el6.x86_64

How do I specify that I want to install kernel-2.6.32-696.10.3.el6.x86_64?

User avatar
avij
Forum Moderator
Posts: 2091
Joined: 2010/12/01 19:25:52
Location: Helsinki, Finland
Contact:

Re: CentOS 6.9 CVE-2017-1000253 vulnerability

Postby avij » 2017/10/03 12:14:43

From my above message: "... but you will still need to reboot your server to start using the new kernel. This can be done with shutdown -r now. When the server is back up, confirm that you are running 2.6.32-696.10.3 by running uname -a again."

waltman
Posts: 9
Joined: 2016/01/05 03:20:30

Re: CentOS 6.9 CVE-2017-1000253 vulnerability

Postby waltman » 2017/10/03 12:46:04

Sorry, I misunderstood you. I thought I had to install the update manually.

I rebooted the server and the new kernel took effect.

Thank you.