Learn about Centmin Mod LEMP Stack today
Register Now

Security 11-Year Old Linux Kernel Local Privilege Escalation Flaw Discovered CVE-2017-6074

Discussion in 'CentOS, Redhat & Oracle Linux News' started by pamamolf, Feb 23, 2017.

  1. pamamolf

    pamamolf Well-Known Member

    2,724
    243
    63
    May 31, 2014
    Ratings:
    +434
    Local Time:
    10:10 PM
    Nginx-1.13.x
    MariaDB 10.1.x
    Another privilege-escalation vulnerability has been discovered in Linux kernel that dates back to 2005 and affects major distro of the Linux operating system, including Redhat, Debian, OpenSUSE, and Ubuntu.

    Over a decade old Linux Kernel bug (CVE-2017-6074) has been discovered by security researcher Andrey Konovalov in the DCCP (Datagram Congestion Control Protocol) implementation using Syzkaller, a kernel fuzzing tool released by Google.

    The vulnerability is a use-after-free flaw in the way the Linux kernel's "DCCP protocol implementation freed SKB (socket buffer) resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket."

    The DCCP double-free vulnerability could allow a local unprivileged user to alter the Linux kernel memory, enabling them to cause a denial of service (system crash) or escalate privileges to gain administrative access on a system.
    "An attacker can control what object that would be and overwrite its content with arbitrary data by using some of the kernel heap spraying techniques. If the overwritten object has any triggerable function pointers, an attacker gets to execute arbitrary code within the kernel," full disclosure mailing list about the vulnerability reads. DCCP is a message-oriented transport layer protocol that minimizes the overhead of packet header size or end-node processing as much as possible and provides the establishment, maintenance and teardown of an unreliable packet flow, and the congestion control of that packet flow.

    This vulnerability does not provide any way for an outsider to break into your system in the first place, as it is not a remote code execution (RCE) flaw and require an attacker to have a local account access on the system to exploit the flaw.

    Almost two months ago, a similar privilege-escalation vulnerability (CVE-2016-8655) was uncovered in Linux kernel that dated back to 2011 and allowed an unprivileged local user to gain root privileges by exploiting a race condition in the af_packet implementation in the Linux kernel.

    The vulnerability has already been patched in the mainline kernel. So, if you are an advanced Linux user, apply the patch and rebuild kernel yourself.

    OR, you can wait for the next kernel update from your distro provider and apply it as soon as possible.
     
    • Like Like x 2
    • Informative Informative x 1
  2. eva2000

    eva2000 Administrator Staff Member

    30,178
    6,785
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,138
    Local Time:
    5:10 AM
    Nginx 1.13.x
    MariaDB 5.5
    thanks for heads up !

    ah so need ssh local user already to gain root privileges!

    Times like these is where KernelCare can be useful KernelCare rebootless kernel updates - CentminMod.com LEMP Nginx web stack for CentOS :)

    Details for CVE-2017-6074

    Update Fixes


    So need to do 2 steps for non-openvz systems. For openvz vps you use host node kernel and not your own so only your web host can update the host node kernel so contact them. Some openvz vps providers also use KernelCare so are auto patched up but some don't.
    1. Do a yum update
      Code (Text):
      yum -y update
      then check if kernel-2.6.32-642.13.2.el6 or kernel-3.10.0-514.6.2.el7 kernel is updated via
      Code (Text):
      yum list kernel
      output
    2. Then reboot your server for Kernel update to take effect. If you use KernelCare KernelCare rebootless kernel updates - CentminMod.com LEMP Nginx web stack for CentOS they auto patch your kernel every 4hrs and do not require server reboots. Then verify after reboot of kernel version via
      Code (Text):
      uname -r
      or if using KernelCare via
      Code (Text):
      kcare-uname -r
     
    • Like Like x 1
    • Informative Informative x 1
  3. eva2000

    eva2000 Administrator Staff Member

    30,178
    6,785
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,138
    Local Time:
    5:10 AM
    Nginx 1.13.x
    MariaDB 5.5
    FYI, noticed while doing yum update command, there's an OpenSSL security update too Red Hat Customer Portal so you can do both updates via yum update :)

    1. For CentOS and Redhat 6 openssl-1.0.1e-48.el6
    2. For CentOS and Redhat 7 openssl-1.0.1e-60.el7

     
    • Like Like x 1
  4. eva2000

    eva2000 Administrator Staff Member

    30,178
    6,785
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,138
    Local Time:
    5:10 AM
    Nginx 1.13.x
    MariaDB 5.5
    so far none of my centos 6 or 7 servers show the updated kernel versions available yet via
    Code (Text):
    yum list updates
    
     
  5. RB1

    RB1 Active Member

    281
    72
    28
    Nov 11, 2016
    California
    Ratings:
    +119
    Local Time:
    12:10 PM
    Nginx 1.13.x
    MariaDB 10.1.x
    What if we are on custom Linode kernel though? Just ignore? :confused:

    Edit: Or is it a vulnerability on ALL Linux systems...Linode will probably patch and release a new kernel soon?
     
  6. eva2000

    eva2000 Administrator Staff Member

    30,178
    6,785
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,138
    Local Time:
    5:10 AM
    Nginx 1.13.x
    MariaDB 5.5
    Latest Linode kernel is still 4.9.7 right now Available Linux Kernels - Linode

    from CVE - CVE-2017-6074
    so either Linode patches their kernel or wait for 4.9.11+ ?
     
    • Like Like x 1
  7. eva2000

    eva2000 Administrator Staff Member

    30,178
    6,785
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,138
    Local Time:
    5:10 AM
    Nginx 1.13.x
    MariaDB 5.5
    Linode support got back to me, this CVE-2017-6074 DOES NOT apply to Linode custom kernels
     
    • Like Like x 1
    • Informative Informative x 1
  8. Jimmy

    Jimmy Premium Member Premium Member

    1,114
    247
    63
    Oct 24, 2015
    East Coast USA
    Ratings:
    +596
    Local Time:
    3:10 PM
    1.13.x
    MariaDB 10.1.x
    None of my servers showing the update either.
     
  9. SFLC

    SFLC Active Member

    224
    59
    28
    Dec 4, 2016
    The Canadas
    Ratings:
    +112
    Local Time:
    9:10 PM
    1
    10
    Ya, same here
     
  10. Jimmy

    Jimmy Premium Member Premium Member

    1,114
    247
    63
    Oct 24, 2015
    East Coast USA
    Ratings:
    +596
    Local Time:
    3:10 PM
    1.13.x
    MariaDB 10.1.x
    Wow, my local machine is hours ahead of my remote servers.

    Several hours ago, on my local machine I got curl updates. Wondered why they weren't showing up on my 2 remote servers. Just ran update checks on my two remote servers, just got the curl updates.

    Local server just got the kernel update.
     
  11. eva2000

    eva2000 Administrator Staff Member

    30,178
    6,785
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,138
    Local Time:
    5:10 AM
    Nginx 1.13.x
    MariaDB 5.5
    due to yum mirror system needs time to populate the updates

    about 40% of my servers show the updated kernel now :)
     
    • Informative Informative x 2
  12. SFLC

    SFLC Active Member

    224
    59
    28
    Dec 4, 2016
    The Canadas
    Ratings:
    +112
    Local Time:
    9:10 PM
    1
    10
    Excellent, updated, restarted, no issues
     
    • Like Like x 1
  13. eva2000

    eva2000 Administrator Staff Member

    30,178
    6,785
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,138
    Local Time:
    5:10 AM
    Nginx 1.13.x
    MariaDB 5.5
    Yup all my servers are updated and rebooted now :)
     
  14. Matt

    Matt Moderator Staff Member

    691
    319
    63
    May 25, 2014
    Sheffield, UK
    Ratings:
    +444
    Local Time:
    8:10 PM
    1.7.1
    MariaDB 10
    Same for the OVH kernels
    Code:
    [09:05][root@backup.mattwservices.uk ~]# zgrep CONFIG_IP_DCCP /proc/config.gz
    # CONFIG_IP_DCCP is not set
    [09:05][root@backup.mattwservices.uk ~]#
     
    • Like Like x 2
  15. eva2000

    eva2000 Administrator Staff Member

    30,178
    6,785
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,138
    Local Time:
    5:10 AM
    Nginx 1.13.x
    MariaDB 5.5
    @Matt that's OVH grs custom kernels right ? :)
     
  16. eva2000

    eva2000 Administrator Staff Member

    30,178
    6,785
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,138
    Local Time:
    5:10 AM
    Nginx 1.13.x
    MariaDB 5.5
    I hope everyone has updated their Linux kernels and rebooted there servers by now :) ;) If not DO IT ASAP !
     
  17. pamamolf

    pamamolf Well-Known Member

    2,724
    243
    63
    May 31, 2014
    Ratings:
    +434
    Local Time:
    10:10 PM
    Nginx-1.13.x
    MariaDB 10.1.x
    Servers rebooted with no issues :)
     
    • Like Like x 1
  18. SFLC

    SFLC Active Member

    224
    59
    28
    Dec 4, 2016
    The Canadas
    Ratings:
    +112
    Local Time:
    9:10 PM
    1
    10
    Seems there's now kernel.x86_64 0:3.10.0-514.10.2.el7
     
    • Agree Agree x 1
    • Informative Informative x 1
  19. Sunka

    Sunka Active Member

    917
    240
    43
    Oct 31, 2015
    Rijeka, Croatia
    Ratings:
    +388
    Local Time:
    9:10 PM
    Nginx 1.13.3
    MariaDB 10.1.24
    Yep...

    Code (Text):
    [root@upcloud ~]# yum update
    Loaded plugins: fastestmirror, priorities
    base                                                                          | 3.6 kB  00:00:00     
    centos-sclo-rh                                                                | 2.9 kB  00:00:00     
    centos-sclo-sclo                                                              | 2.9 kB  00:00:00     
    elasticsearch-5.x                                                             | 1.3 kB  00:00:00     
    epel/x86_64/metalink                                                          |  25 kB  00:00:00     
    epel                                                                          | 4.3 kB  00:00:00     
    extras                                                                        | 3.4 kB  00:00:00     
    mariadb                                                                       | 2.9 kB  00:00:00     
    updates                                                                       | 3.4 kB  00:00:00     
    varnish-4.1                                                                   |  951 B  00:00:00     
    (1/11): base/7/x86_64/group_gz                                                | 155 kB  00:00:00     
    (2/11): epel/x86_64/group_gz                                                  | 170 kB  00:00:00     
    (3/11): epel/x86_64/updateinfo                                                | 750 kB  00:00:00     
    (4/11): centos-sclo-sclo/x86_64/primary_db                                    | 142 kB  00:00:00     
    (5/11): centos-sclo-rh/x86_64/primary_db                                      | 2.2 MB  00:00:00     
    (6/11): epel/x86_64/primary_db                                                | 4.6 MB  00:00:00     
    (7/11): elasticsearch-5.x/primary                                             |  36 kB  00:00:00     
    (8/11): extras/7/x86_64/primary_db                                            | 122 kB  00:00:00     
    (9/11): base/7/x86_64/primary_db                                              | 5.6 MB  00:00:00     
    (10/11): mariadb/primary_db                                                   |  18 kB  00:00:00     
    (11/11): updates/7/x86_64/primary_db                                          | 3.8 MB  00:00:00     
    varnish-4.1/x86_64/primary                                                    | 9.9 kB  00:00:00     
    Determining fastest mirrors
     * base: centos.mirror.far.fi
     * epel: mirror.de.leaseweb.net
     * extras: centos.mirror.far.fi
     * updates: centos.mirror.far.fi
    elasticsearch-5.x                                                                              86/86
    varnish-4.1                                                                                    33/33
    284 packages excluded due to repository priority protections
    Resolving Dependencies
    --> Running transaction check
    ---> Package NetworkManager.x86_64 1:1.4.0-14.el7_3 will be updated
    ---> Package NetworkManager.x86_64 1:1.4.0-17.el7_3 will be an update
    ---> Package NetworkManager-adsl.x86_64 1:1.4.0-14.el7_3 will be updated
    ---> Package NetworkManager-adsl.x86_64 1:1.4.0-17.el7_3 will be an update
    ---> Package NetworkManager-bluetooth.x86_64 1:1.4.0-14.el7_3 will be updated
    ---> Package NetworkManager-bluetooth.x86_64 1:1.4.0-17.el7_3 will be an update
    ---> Package NetworkManager-glib.x86_64 1:1.4.0-14.el7_3 will be updated
    ---> Package NetworkManager-glib.x86_64 1:1.4.0-17.el7_3 will be an update
    ---> Package NetworkManager-libnm.x86_64 1:1.4.0-14.el7_3 will be updated
    ---> Package NetworkManager-libnm.x86_64 1:1.4.0-17.el7_3 will be an update
    ---> Package NetworkManager-team.x86_64 1:1.4.0-14.el7_3 will be updated
    ---> Package NetworkManager-team.x86_64 1:1.4.0-17.el7_3 will be an update
    ---> Package NetworkManager-tui.x86_64 1:1.4.0-14.el7_3 will be updated
    ---> Package NetworkManager-tui.x86_64 1:1.4.0-17.el7_3 will be an update
    ---> Package NetworkManager-wifi.x86_64 1:1.4.0-14.el7_3 will be updated
    ---> Package NetworkManager-wifi.x86_64 1:1.4.0-17.el7_3 will be an update
    ---> Package NetworkManager-wwan.x86_64 1:1.4.0-14.el7_3 will be updated
    ---> Package NetworkManager-wwan.x86_64 1:1.4.0-17.el7_3 will be an update
    ---> Package audit.x86_64 0:2.6.5-3.el7 will be updated
    ---> Package audit.x86_64 0:2.6.5-3.el7_3.1 will be an update
    ---> Package audit-libs.x86_64 0:2.6.5-3.el7 will be updated
    ---> Package audit-libs.x86_64 0:2.6.5-3.el7_3.1 will be an update
    ---> Package audit-libs-python.x86_64 0:2.6.5-3.el7 will be updated
    ---> Package audit-libs-python.x86_64 0:2.6.5-3.el7_3.1 will be an update
    ---> Package device-mapper.x86_64 7:1.02.135-1.el7_3.2 will be updated
    ---> Package device-mapper.x86_64 7:1.02.135-1.el7_3.3 will be an update
    ---> Package device-mapper-libs.x86_64 7:1.02.135-1.el7_3.2 will be updated
    ---> Package device-mapper-libs.x86_64 7:1.02.135-1.el7_3.3 will be an update
    ---> Package firewalld.noarch 0:0.4.3.2-8.1.el7_3 will be updated
    ---> Package firewalld.noarch 0:0.4.3.2-8.1.el7_3.2 will be an update
    ---> Package firewalld-filesystem.noarch 0:0.4.3.2-8.1.el7_3 will be updated
    ---> Package firewalld-filesystem.noarch 0:0.4.3.2-8.1.el7_3.2 will be an update
    ---> Package ghostscript.x86_64 0:9.07-20.el7_3.1 will be updated
    ---> Package ghostscript.x86_64 0:9.07-20.el7_3.3 will be an update
    ---> Package ghostscript-devel.x86_64 0:9.07-20.el7_3.1 will be updated
    ---> Package ghostscript-devel.x86_64 0:9.07-20.el7_3.3 will be an update
    ---> Package kernel.x86_64 0:3.10.0-514.10.2.el7 will be installed
    ---> Package kernel-devel.x86_64 0:3.10.0-514.10.2.el7 will be installed
    ---> Package kernel-headers.x86_64 0:3.10.0-514.6.2.el7 will be updated
    ---> Package kernel-headers.x86_64 0:3.10.0-514.10.2.el7 will be an update
    ---> Package kernel-tools.x86_64 0:3.10.0-514.6.2.el7 will be updated
    ---> Package kernel-tools.x86_64 0:3.10.0-514.10.2.el7 will be an update
    ---> Package kernel-tools-libs.x86_64 0:3.10.0-514.6.2.el7 will be updated
    ---> Package kernel-tools-libs.x86_64 0:3.10.0-514.10.2.el7 will be an update
    ---> Package libgudev1.x86_64 0:219-30.el7_3.6 will be updated
    ---> Package libgudev1.x86_64 0:219-30.el7_3.7 will be an update
    ---> Package microcode_ctl.x86_64 2:2.1-16.1.el7_3 will be updated
    ---> Package microcode_ctl.x86_64 2:2.1-16.3.el7_3 will be an update
    ---> Package polkit.x86_64 0:0.112-9.el7 will be updated
    ---> Package polkit.x86_64 0:0.112-11.el7_3 will be an update
    ---> Package python-firewall.noarch 0:0.4.3.2-8.1.el7_3 will be updated
    ---> Package python-firewall.noarch 0:0.4.3.2-8.1.el7_3.2 will be an update
    ---> Package python-perf.x86_64 0:3.10.0-514.6.2.el7 will be updated
    ---> Package python-perf.x86_64 0:3.10.0-514.10.2.el7 will be an update
    ---> Package selinux-policy.noarch 0:3.13.1-102.el7_3.13 will be updated
    ---> Package selinux-policy.noarch 0:3.13.1-102.el7_3.15 will be an update
    ---> Package selinux-policy-targeted.noarch 0:3.13.1-102.el7_3.13 will be updated
    ---> Package selinux-policy-targeted.noarch 0:3.13.1-102.el7_3.15 will be an update
    ---> Package systemd.x86_64 0:219-30.el7_3.6 will be updated
    ---> Package systemd.x86_64 0:219-30.el7_3.7 will be an update
    ---> Package systemd-libs.x86_64 0:219-30.el7_3.6 will be updated
    ---> Package systemd-libs.x86_64 0:219-30.el7_3.7 will be an update
    ---> Package systemd-sysv.x86_64 0:219-30.el7_3.6 will be updated
    ---> Package systemd-sysv.x86_64 0:219-30.el7_3.7 will be an update
    ---> Package wpa_supplicant.x86_64 1:2.0-20.el7 will be updated
    ---> Package wpa_supplicant.x86_64 1:2.0-21.el7_3 will be an update
    --> Finished Dependency Resolution
    --> Running transaction check
    ---> Package kernel.x86_64 0:3.10.0-327.13.1.el7 will be erased
    --> Finished Dependency Resolution
    
    Dependencies Resolved
    
    =====================================================================================================
     Package                          Arch           Version                      Repository        Size
    =====================================================================================================
    Installing:
     kernel                           x86_64         3.10.0-514.10.2.el7          updates           37 M
     kernel-devel                     x86_64         3.10.0-514.10.2.el7          updates           13 M
    Updating:
     NetworkManager                   x86_64         1:1.4.0-17.el7_3             updates          2.5 M
     NetworkManager-adsl              x86_64         1:1.4.0-17.el7_3             updates          145 k
     NetworkManager-bluetooth         x86_64         1:1.4.0-17.el7_3             updates          165 k
     NetworkManager-glib              x86_64         1:1.4.0-17.el7_3             updates          385 k
     NetworkManager-libnm             x86_64         1:1.4.0-17.el7_3             updates          443 k
     NetworkManager-team              x86_64         1:1.4.0-17.el7_3             updates          147 k
     NetworkManager-tui               x86_64         1:1.4.0-17.el7_3             updates          223 k
     NetworkManager-wifi              x86_64         1:1.4.0-17.el7_3             updates          175 k
     NetworkManager-wwan              x86_64         1:1.4.0-17.el7_3             updates          169 k
     audit                            x86_64         2.6.5-3.el7_3.1              updates          233 k
     audit-libs                       x86_64         2.6.5-3.el7_3.1              updates           85 k
     audit-libs-python                x86_64         2.6.5-3.el7_3.1              updates           70 k
     device-mapper                    x86_64         7:1.02.135-1.el7_3.3         updates          269 k
     device-mapper-libs               x86_64         7:1.02.135-1.el7_3.3         updates          333 k
     firewalld                        noarch         0.4.3.2-8.1.el7_3.2          updates          386 k
     firewalld-filesystem             noarch         0.4.3.2-8.1.el7_3.2          updates           44 k
     ghostscript                      x86_64         9.07-20.el7_3.3              updates          4.3 M
     ghostscript-devel                x86_64         9.07-20.el7_3.3              updates           50 k
     kernel-headers                   x86_64         3.10.0-514.10.2.el7          updates          4.8 M
     kernel-tools                     x86_64         3.10.0-514.10.2.el7          updates          4.0 M
     kernel-tools-libs                x86_64         3.10.0-514.10.2.el7          updates          3.9 M
     libgudev1                        x86_64         219-30.el7_3.7               updates           76 k
     microcode_ctl                    x86_64         2:2.1-16.3.el7_3             updates          745 k
     polkit                           x86_64         0.112-11.el7_3               updates          167 k
     python-firewall                  noarch         0.4.3.2-8.1.el7_3.2          updates          301 k
     python-perf                      x86_64         3.10.0-514.10.2.el7          updates          4.0 M
     selinux-policy                   noarch         3.13.1-102.el7_3.15          updates          414 k
     selinux-policy-targeted          noarch         3.13.1-102.el7_3.15          updates          6.4 M
     systemd                          x86_64         219-30.el7_3.7               updates          5.2 M
     systemd-libs                     x86_64         219-30.el7_3.7               updates          369 k
     systemd-sysv                     x86_64         219-30.el7_3.7               updates           63 k
     wpa_supplicant                   x86_64         1:2.0-21.el7_3               updates          788 k
    Removing:
     kernel                           x86_64         3.10.0-327.13.1.el7          @updates         136 M
    
    Transaction Summary
    =====================================================================================================
    Install   2 Packages
    Upgrade  32 Packages
    Remove    1 Package
    
    Total download size: 91 M
    Is this ok [y/d/N]: y
    Downloading packages:
    updates/7/x86_64/prestodelta                                                  | 420 kB  00:00:00     
    Delta RPMs reduced 28 M of updates to 10 M (63% saved)
    (1/34): audit-libs-2.6.5-3.el7_2.6.5-3.el7_3.1.x86_64.drpm                    |  11 kB  00:00:00     
    (2/34): NetworkManager-libnm-1.4.0-14.el7_3_1.4.0-17.el7_3.x86_64.drpm        | 144 kB  00:00:00     
    (3/34): audit-libs-python-2.6.5-3.el7_2.6.5-3.el7_3.1.x86_64.drpm             |  10 kB  00:00:00     
    (4/34): firewalld-0.4.3.2-8.1.el7_3_0.4.3.2-8.1.el7_3.2.noarch.drpm           |  75 kB  00:00:00     
    (5/34): NetworkManager-glib-1.4.0-14.el7_3_1.4.0-17.el7_3.x86_64.drpm         | 132 kB  00:00:00     
    (6/34): ghostscript-9.07-20.el7_3.1_9.07-20.el7_3.3.x86_64.drpm               | 250 kB  00:00:00     
    (7/34): microcode_ctl-2.1-16.1.el7_3_2.1-16.3.el7_3.x86_64.drpm               |  29 kB  00:00:00     
    (8/34): device-mapper-libs-1.02.135-1.el7_3.2_1.02.135-1.el7_3.3.x86_64.drpm  | 158 kB  00:00:00     
    (9/34): NetworkManager-1.4.0-14.el7_3_1.4.0-17.el7_3.x86_64.drpm              | 1.8 MB  00:00:00     
    (10/34): polkit-0.112-9.el7_0.112-11.el7_3.x86_64.drpm                        |  58 kB  00:00:00     
    (11/34): python-firewall-0.4.3.2-8.1.el7_3_0.4.3.2-8.1.el7_3.2.noarch.drpm    |  68 kB  00:00:00     
    (12/34): systemd-219-30.el7_3.6_219-30.el7_3.7.x86_64.drpm                    | 1.8 MB  00:00:00     
    (13/34): systemd-libs-219-30.el7_3.6_219-30.el7_3.7.x86_64.drpm               |  70 kB  00:00:00     
    (14/34): NetworkManager-adsl-1.4.0-17.el7_3.x86_64.rpm                        | 145 kB  00:00:00     
    (15/34): NetworkManager-bluetooth-1.4.0-17.el7_3.x86_64.rpm                   | 165 kB  00:00:00     
    (16/34): NetworkManager-team-1.4.0-17.el7_3.x86_64.rpm                        | 147 kB  00:00:00     
    (17/34): NetworkManager-tui-1.4.0-17.el7_3.x86_64.rpm                         | 223 kB  00:00:00     
    (18/34): kernel-devel-3.10.0-514.6.2.el7_3.10.0-514.10.2.el7.x86_64.drpm      | 5.8 MB  00:00:00     
    (19/34): NetworkManager-wifi-1.4.0-17.el7_3.x86_64.rpm                        | 175 kB  00:00:00     
    (20/34): audit-2.6.5-3.el7_3.1.x86_64.rpm                                     | 233 kB  00:00:00     
    (21/34): device-mapper-1.02.135-1.el7_3.3.x86_64.rpm                          | 269 kB  00:00:00     
    (22/34): firewalld-filesystem-0.4.3.2-8.1.el7_3.2.noarch.rpm                  |  44 kB  00:00:00     
    (23/34): ghostscript-devel-9.07-20.el7_3.3.x86_64.rpm                         |  50 kB  00:00:00     
    (24/34): NetworkManager-wwan-1.4.0-17.el7_3.x86_64.rpm                        | 169 kB  00:00:00     
    (25/34): kernel-headers-3.10.0-514.10.2.el7.x86_64.rpm                        | 4.8 MB  00:00:01     
    (26/34): kernel-tools-libs-3.10.0-514.10.2.el7.x86_64.rpm                     | 3.9 MB  00:00:00     
    (27/34): kernel-tools-3.10.0-514.10.2.el7.x86_64.rpm                          | 4.0 MB  00:00:01     
    (28/34): libgudev1-219-30.el7_3.7.x86_64.rpm                                  |  76 kB  00:00:00     
    (29/34): python-perf-3.10.0-514.10.2.el7.x86_64.rpm                           | 4.0 MB  00:00:00     
    (30/34): selinux-policy-3.13.1-102.el7_3.15.noarch.rpm                        | 414 kB  00:00:00     
    (31/34): selinux-policy-targeted-3.13.1-102.el7_3.15.noarch.rpm               | 6.4 MB  00:00:01     
    (32/34): systemd-sysv-219-30.el7_3.7.x86_64.rpm                               |  63 kB  00:00:00     
    (33/34): wpa_supplicant-2.0-21.el7_3.x86_64.rpm                               | 788 kB  00:00:00     
    (34/34): kernel-3.10.0-514.10.2.el7.x86_64.rpm                                |  37 MB  00:00:05     
    Finishing delta rebuilds of 2 package(s) (18 M)
    -----------------------------------------------------------------------------------------------------
    Total                                                                5.4 MB/s |  73 MB  00:00:13     
    Running transaction check
    Running transaction test
    Transaction test succeeded
    Running transaction
      Updating   : systemd-libs-219-30.el7_3.7.x86_64                                               1/67
      Updating   : libgudev1-219-30.el7_3.7.x86_64                                                  2/67
      Updating   : audit-libs-2.6.5-3.el7_3.1.x86_64                                                3/67
      Updating   : systemd-219-30.el7_3.7.x86_64                                                    4/67
      Updating   : systemd-sysv-219-30.el7_3.7.x86_64                                               5/67
      Updating   : 1:wpa_supplicant-2.0-21.el7_3.x86_64                                             6/67
      Updating   : 1:NetworkManager-libnm-1.4.0-17.el7_3.x86_64                                     7/67
      Updating   : polkit-0.112-11.el7_3.x86_64                                                     8/67
      Updating   : 1:NetworkManager-1.4.0-17.el7_3.x86_64                                           9/67
      Updating   : 1:NetworkManager-wwan-1.4.0-17.el7_3.x86_64                                     10/67
      Updating   : 7:device-mapper-libs-1.02.135-1.el7_3.3.x86_64                                  11/67
      Updating   : 7:device-mapper-1.02.135-1.el7_3.3.x86_64                                       12/67
      Updating   : kernel-tools-libs-3.10.0-514.10.2.el7.x86_64                                    13/67
      Updating   : ghostscript-9.07-20.el7_3.3.x86_64                                              14/67
      Updating   : python-firewall-0.4.3.2-8.1.el7_3.2.noarch                                      15/67
      Updating   : selinux-policy-3.13.1-102.el7_3.15.noarch                                       16/67
      Updating   : firewalld-filesystem-0.4.3.2-8.1.el7_3.2.noarch                                 17/67
      Updating   : firewalld-0.4.3.2-8.1.el7_3.2.noarch                                            18/67
      Updating   : selinux-policy-targeted-3.13.1-102.el7_3.15.noarch                              19/67
      Updating   : ghostscript-devel-9.07-20.el7_3.3.x86_64                                        20/67
      Updating   : kernel-tools-3.10.0-514.10.2.el7.x86_64                                         21/67
      Updating   : 1:NetworkManager-bluetooth-1.4.0-17.el7_3.x86_64                                22/67
      Updating   : 1:NetworkManager-wifi-1.4.0-17.el7_3.x86_64                                     23/67
      Updating   : 1:NetworkManager-adsl-1.4.0-17.el7_3.x86_64                                     24/67
      Updating   : 1:NetworkManager-tui-1.4.0-17.el7_3.x86_64                                      25/67
      Updating   : 1:NetworkManager-team-1.4.0-17.el7_3.x86_64                                     26/67
      Updating   : audit-2.6.5-3.el7_3.1.x86_64                                                    27/67
      Updating   : 2:microcode_ctl-2.1-16.3.el7_3.x86_64                                           28/67
      Updating   : audit-libs-python-2.6.5-3.el7_3.1.x86_64                                        29/67
      Updating   : 1:NetworkManager-glib-1.4.0-17.el7_3.x86_64                                     30/67
      Updating   : python-perf-3.10.0-514.10.2.el7.x86_64                                          31/67
      Updating   : kernel-headers-3.10.0-514.10.2.el7.x86_64                                       32/67
      Installing : kernel-devel-3.10.0-514.10.2.el7.x86_64                                         33/67
      Installing : kernel-3.10.0-514.10.2.el7.x86_64                                               34/67
      Cleanup    : firewalld-0.4.3.2-8.1.el7_3.noarch                                              35/67
      Cleanup    : 1:NetworkManager-bluetooth-1.4.0-14.el7_3.x86_64                                36/67
      Cleanup    : 1:NetworkManager-tui-1.4.0-14.el7_3.x86_64                                      37/67
      Cleanup    : 1:NetworkManager-wifi-1.4.0-14.el7_3.x86_64                                     38/67
      Cleanup    : audit-2.6.5-3.el7.x86_64                                                        39/67
      Cleanup    : selinux-policy-targeted-3.13.1-102.el7_3.13.noarch                              40/67
      Cleanup    : ghostscript-devel-9.07-20.el7_3.1.x86_64                                        41/67
      Cleanup    : 1:NetworkManager-wwan-1.4.0-14.el7_3.x86_64                                     42/67
      Cleanup    : 7:device-mapper-1.02.135-1.el7_3.2.x86_64                                       43/67
      Cleanup    : 7:device-mapper-libs-1.02.135-1.el7_3.2.x86_64                                  44/67
      Cleanup    : 1:NetworkManager-team-1.4.0-14.el7_3.x86_64                                     45/67
      Cleanup    : 1:NetworkManager-adsl-1.4.0-14.el7_3.x86_64                                     46/67
      Cleanup    : 1:NetworkManager-1.4.0-14.el7_3.x86_64                                          47/67
      Cleanup    : polkit-0.112-9.el7.x86_64                                                       48/67
      Cleanup    : 1:wpa_supplicant-2.0-20.el7.x86_64                                              49/67
      Cleanup    : systemd-sysv-219-30.el7_3.6.x86_64                                              50/67
      Cleanup    : 1:NetworkManager-libnm-1.4.0-14.el7_3.x86_64                                    51/67
      Cleanup    : audit-libs-python-2.6.5-3.el7.x86_64                                            52/67
      Cleanup    : kernel-tools-3.10.0-514.6.2.el7.x86_64                                          53/67
      Cleanup    : 2:microcode_ctl-2.1-16.1.el7_3.x86_64                                           54/67
      Cleanup    : systemd-219-30.el7_3.6.x86_64                                                   55/67
      Cleanup    : 1:NetworkManager-glib-1.4.0-14.el7_3.x86_64                                     56/67
      Cleanup    : selinux-policy-3.13.1-102.el7_3.13.noarch                                       57/67
      Cleanup    : firewalld-filesystem-0.4.3.2-8.1.el7_3.noarch                                   58/67
      Cleanup    : python-firewall-0.4.3.2-8.1.el7_3.noarch                                        59/67
      Cleanup    : kernel-3.10.0-327.13.1.el7.x86_64                                               60/67
      Cleanup    : kernel-headers-3.10.0-514.6.2.el7.x86_64                                        61/67
      Cleanup    : libgudev1-219-30.el7_3.6.x86_64                                                 62/67
      Cleanup    : systemd-libs-219-30.el7_3.6.x86_64                                              63/67
      Cleanup    : audit-libs-2.6.5-3.el7.x86_64                                                   64/67
      Cleanup    : kernel-tools-libs-3.10.0-514.6.2.el7.x86_64                                     65/67
      Cleanup    : ghostscript-9.07-20.el7_3.1.x86_64                                              66/67
      Cleanup    : python-perf-3.10.0-514.6.2.el7.x86_64                                           67/67
      Verifying  : kernel-3.10.0-514.10.2.el7.x86_64                                                1/67
      Verifying  : kernel-devel-3.10.0-514.10.2.el7.x86_64                                          2/67
      Verifying  : systemd-sysv-219-30.el7_3.7.x86_64                                               3/67
      Verifying  : 1:NetworkManager-libnm-1.4.0-17.el7_3.x86_64                                     4/67
      Verifying  : firewalld-filesystem-0.4.3.2-8.1.el7_3.2.noarch                                  5/67
      Verifying  : audit-2.6.5-3.el7_3.1.x86_64                                                     6/67
      Verifying  : 1:NetworkManager-glib-1.4.0-17.el7_3.x86_64                                      7/67
      Verifying  : kernel-headers-3.10.0-514.10.2.el7.x86_64                                        8/67
      Verifying  : firewalld-0.4.3.2-8.1.el7_3.2.noarch                                             9/67
      Verifying  : 1:NetworkManager-1.4.0-17.el7_3.x86_64                                          10/67
      Verifying  : 1:NetworkManager-bluetooth-1.4.0-17.el7_3.x86_64                                11/67
      Verifying  : selinux-policy-3.13.1-102.el7_3.15.noarch                                       12/67
      Verifying  : 1:NetworkManager-wwan-1.4.0-17.el7_3.x86_64                                     13/67
      Verifying  : 1:NetworkManager-wifi-1.4.0-17.el7_3.x86_64                                     14/67
      Verifying  : systemd-219-30.el7_3.7.x86_64                                                   15/67
      Verifying  : python-firewall-0.4.3.2-8.1.el7_3.2.noarch                                      16/67
      Verifying  : 1:wpa_supplicant-2.0-21.el7_3.x86_64                                            17/67
      Verifying  : ghostscript-9.07-20.el7_3.3.x86_64                                              18/67
      Verifying  : python-perf-3.10.0-514.10.2.el7.x86_64                                          19/67
      Verifying  : systemd-libs-219-30.el7_3.7.x86_64                                              20/67
      Verifying  : polkit-0.112-11.el7_3.x86_64                                                    21/67
      Verifying  : ghostscript-devel-9.07-20.el7_3.3.x86_64                                        22/67
      Verifying  : 2:microcode_ctl-2.1-16.3.el7_3.x86_64                                           23/67
      Verifying  : 7:device-mapper-libs-1.02.135-1.el7_3.3.x86_64                                  24/67
      Verifying  : kernel-tools-3.10.0-514.10.2.el7.x86_64                                         25/67
      Verifying  : libgudev1-219-30.el7_3.7.x86_64                                                 26/67
      Verifying  : 1:NetworkManager-adsl-1.4.0-17.el7_3.x86_64                                     27/67
      Verifying  : 7:device-mapper-1.02.135-1.el7_3.3.x86_64                                       28/67
      Verifying  : selinux-policy-targeted-3.13.1-102.el7_3.15.noarch                              29/67
      Verifying  : 1:NetworkManager-tui-1.4.0-17.el7_3.x86_64                                      30/67
      Verifying  : audit-libs-python-2.6.5-3.el7_3.1.x86_64                                        31/67
      Verifying  : audit-libs-2.6.5-3.el7_3.1.x86_64                                               32/67
      Verifying  : kernel-tools-libs-3.10.0-514.10.2.el7.x86_64                                    33/67
      Verifying  : 1:NetworkManager-team-1.4.0-17.el7_3.x86_64                                     34/67
      Verifying  : 1:NetworkManager-1.4.0-14.el7_3.x86_64                                          35/67
      Verifying  : 1:NetworkManager-team-1.4.0-14.el7_3.x86_64                                     36/67
      Verifying  : kernel-headers-3.10.0-514.6.2.el7.x86_64                                        37/67
      Verifying  : systemd-219-30.el7_3.6.x86_64                                                   38/67
      Verifying  : audit-2.6.5-3.el7.x86_64                                                        39/67
      Verifying  : systemd-libs-219-30.el7_3.6.x86_64                                              40/67
      Verifying  : 1:NetworkManager-glib-1.4.0-14.el7_3.x86_64                                     41/67
      Verifying  : kernel-tools-libs-3.10.0-514.6.2.el7.x86_64                                     42/67
      Verifying  : polkit-0.112-9.el7.x86_64                                                       43/67
      Verifying  : 1:NetworkManager-libnm-1.4.0-14.el7_3.x86_64                                    44/67
      Verifying  : 1:wpa_supplicant-2.0-20.el7.x86_64                                              45/67
      Verifying  : audit-libs-2.6.5-3.el7.x86_64                                                   46/67
      Verifying  : python-perf-3.10.0-514.6.2.el7.x86_64                                           47/67
      Verifying  : selinux-policy-3.13.1-102.el7_3.13.noarch                                       48/67
      Verifying  : 7:device-mapper-1.02.135-1.el7_3.2.x86_64                                       49/67
      Verifying  : kernel-3.10.0-327.13.1.el7.x86_64                                               50/67
      Verifying  : 1:NetworkManager-wifi-1.4.0-14.el7_3.x86_64                                     51/67
      Verifying  : ghostscript-9.07-20.el7_3.1.x86_64                                              52/67
      Verifying  : 1:NetworkManager-bluetooth-1.4.0-14.el7_3.x86_64                                53/67
      Verifying  : python-firewall-0.4.3.2-8.1.el7_3.noarch                                        54/67
      Verifying  : systemd-sysv-219-30.el7_3.6.x86_64                                              55/67
      Verifying  : firewalld-filesystem-0.4.3.2-8.1.el7_3.noarch                                   56/67
      Verifying  : 1:NetworkManager-adsl-1.4.0-14.el7_3.x86_64                                     57/67
      Verifying  : 1:NetworkManager-wwan-1.4.0-14.el7_3.x86_64                                     58/67
      Verifying  : 1:NetworkManager-tui-1.4.0-14.el7_3.x86_64                                      59/67
      Verifying  : 2:microcode_ctl-2.1-16.1.el7_3.x86_64                                           60/67
      Verifying  : kernel-tools-3.10.0-514.6.2.el7.x86_64                                          61/67
      Verifying  : libgudev1-219-30.el7_3.6.x86_64                                                 62/67
      Verifying  : 7:device-mapper-libs-1.02.135-1.el7_3.2.x86_64                                  63/67
      Verifying  : selinux-policy-targeted-3.13.1-102.el7_3.13.noarch                              64/67
      Verifying  : audit-libs-python-2.6.5-3.el7.x86_64                                            65/67
      Verifying  : firewalld-0.4.3.2-8.1.el7_3.noarch                                              66/67
      Verifying  : ghostscript-devel-9.07-20.el7_3.1.x86_64                                        67/67
    
    Removed:
      kernel.x86_64 0:3.10.0-327.13.1.el7                                                               
    
    Installed:
      kernel.x86_64 0:3.10.0-514.10.2.el7            kernel-devel.x86_64 0:3.10.0-514.10.2.el7           
    
    Updated:
      NetworkManager.x86_64 1:1.4.0-17.el7_3                                                             
      NetworkManager-adsl.x86_64 1:1.4.0-17.el7_3                                                       
      NetworkManager-bluetooth.x86_64 1:1.4.0-17.el7_3                                                   
      NetworkManager-glib.x86_64 1:1.4.0-17.el7_3                                                       
      NetworkManager-libnm.x86_64 1:1.4.0-17.el7_3                                                       
      NetworkManager-team.x86_64 1:1.4.0-17.el7_3                                                       
      NetworkManager-tui.x86_64 1:1.4.0-17.el7_3                                                         
      NetworkManager-wifi.x86_64 1:1.4.0-17.el7_3                                                       
      NetworkManager-wwan.x86_64 1:1.4.0-17.el7_3                                                       
      audit.x86_64 0:2.6.5-3.el7_3.1                                                                     
      audit-libs.x86_64 0:2.6.5-3.el7_3.1                                                               
      audit-libs-python.x86_64 0:2.6.5-3.el7_3.1                                                         
      device-mapper.x86_64 7:1.02.135-1.el7_3.3                                                         
      device-mapper-libs.x86_64 7:1.02.135-1.el7_3.3                                                     
      firewalld.noarch 0:0.4.3.2-8.1.el7_3.2                                                             
      firewalld-filesystem.noarch 0:0.4.3.2-8.1.el7_3.2                                                 
      ghostscript.x86_64 0:9.07-20.el7_3.3                                                               
      ghostscript-devel.x86_64 0:9.07-20.el7_3.3                                                         
      kernel-headers.x86_64 0:3.10.0-514.10.2.el7                                                       
      kernel-tools.x86_64 0:3.10.0-514.10.2.el7                                                         
      kernel-tools-libs.x86_64 0:3.10.0-514.10.2.el7                                                     
      libgudev1.x86_64 0:219-30.el7_3.7                                                                 
      microcode_ctl.x86_64 2:2.1-16.3.el7_3                                                             
      polkit.x86_64 0:0.112-11.el7_3                                                                     
      python-firewall.noarch 0:0.4.3.2-8.1.el7_3.2                                                       
      python-perf.x86_64 0:3.10.0-514.10.2.el7                                                           
      selinux-policy.noarch 0:3.13.1-102.el7_3.15                                                       
      selinux-policy-targeted.noarch 0:3.13.1-102.el7_3.15                                               
      systemd.x86_64 0:219-30.el7_3.7                                                                   
      systemd-libs.x86_64 0:219-30.el7_3.7                                                               
      systemd-sysv.x86_64 0:219-30.el7_3.7                                                               
      wpa_supplicant.x86_64 1:2.0-21.el7_3                                                               
    
    Complete!
     
    • Like Like x 1
  20. eva2000

    eva2000 Administrator Staff Member

    30,178
    6,785
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,138
    Local Time:
    5:10 AM
    Nginx 1.13.x
    MariaDB 5.5
    Another Linux Kernel escalation vulnerability fix CVE-2017-6074 - Red Hat Customer Portal

    Will start a new thread for it :)