Security Linux Kernel Security Updates for CentOS 6 & 7 - CVE-2017-1000364

eva2000 · Jun 22, 2017

A new Linux Kernel security update is out CVE-2017-1000364 - Red Hat Customer Portal and CVE - CVE-2017-1000364. More specific details at https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt

An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be "jumped" over (the stack guard page is bypassed), this affects Linux Kernel versions 4.11.5 and earlier (the stackguard page was introduced in 2010).
Click to expand...

RHEL/CentOS 6 https://rhn.redhat.com/errata/RHSA-2017-1486.html fixed in 2.6.32-696.3.2.el6 Linux Kernel

RHEL/CentOS 7 https://rhn.redhat.com/errata/RHSA-2017-1484.html fixed in kernel-3.10.0-514.21.2.el7 Linux Kernel

An update for kernel is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

The kernel packages contain the Linux kernel, the core of any Linux operating
system.

Security Fix(es):

* A flaw was found in the way memory was being allocated on the stack for user
space binaries. If heap (or different memory region) and stack memory regions
were adjacent to each other, an attacker could use this flaw to jump over the
stack guard gap, cause controlled memory corruption on process stack or the
adjacent memory region, and thus increase their privileges on the system. This
is a kernel-side mitigation which increases the stack guard gap size from one
page to 1 MiB to make successful exploitation of this issue more difficult.
(CVE-2017-1000364, Important)

Red Hat would like to thank Qualys Research Labs for reporting this issue.
Click to expand...

An update for kernel is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

The kernel packages contain the Linux kernel, the core of any Linux operating
system.

Security Fix(es):

* A flaw was found in the way memory was being allocated on the stack for user
space binaries. If heap (or different memory region) and stack memory regions
were adjacent to each other, an attacker could use this flaw to jump over the
stack guard gap, cause controlled memory corruption on process stack or the
adjacent memory region, and thus increase their privileges on the system. This
is a kernel-side mitigation which increases the stack guard gap size from one
page to 1 MiB to make successful exploitation of this issue more difficult.
(CVE-2017-1000364, Important)

Red Hat would like to thank Qualys Research Labs for reporting this issue.
Click to expand...

Jimmy · Jun 22, 2017

I was going to post this, but didn't get a chance. My sites seem to have slowed down after this update. It might just be me, my sites have been slammed.

eva2000 · Jun 22, 2017

no problem here with 1/2 my servers updated for CentOS 6 and CentOS 7 updated kernel so far. Doing the other 1/2 today

Jimmy · Jun 22, 2017

Probably just me.

Log in / Register

Forums

Get the most out of your Centmin Mod LEMP stack

Security Linux Kernel Security Updates for CentOS 6 & 7 - CVE-2017-1000364

eva2000 Administrator Staff Member

Jimmy Well-Known Member

eva2000 Administrator Staff Member

Jimmy Well-Known Member

.

Log in / Register

Useful Searches

Get the most out of your Centmin Mod LEMP stack

Security Linux Kernel Security Updates for CentOS 6 & 7 - CVE-2017-1000364

eva2000 Administrator Staff Member

Jimmy Well-Known Member

eva2000 Administrator Staff Member

Jimmy Well-Known Member

.