
Security [September 2017] Redhat/CentOS Linux Kernel Security Update CVE-2017-1000253

Discussion in 'CentOS, Redhat & Oracle Linux News' started by eva2000, Sep 29, 2017.

  1. eva2000

    eva2000 Administrator Staff Member

    Redhat & CentOS 6.x and CentOS 7.3 and lower have a new Linux Kernel security update for security vulnerability CVE-2017-1000253. OpenVZ VPS users don't use their own Linux Kernels like dedicated, KVM or Xen users, so they need to make sure their OpenVZ VPS provider's host node kernel is updated.

    Info


    Updating Linux Kernel



    So you need to do 2 steps for non-OpenVZ systems. For an OpenVZ VPS you use the host node kernel and not your own, so only your web host can update the host node kernel, so contact them. Some OpenVZ VPS providers also use KernelCare so are auto patched, but some don't.
    1. Do a yum update
      Code (Text):
      yum -y update
      then check that the kernel version is updated via
      Code (Text):
      yum list kernel
      output
    2. Then reboot your server for the Kernel update to take effect. If you use KernelCare (KernelCare rebootless kernel updates - CentminMod.com LEMP Nginx web stack for CentOS), they auto patch your kernel every 4hrs and do not require server reboots. Then verify the kernel version after reboot via
      Code (Text):
      uname -r
      or if using KernelCare via
      Code (Text):
      kcare-uname -r

    Update SSH Commands



    Updating yum packages via yum update
    Code (Text):
    yum -y update
    

    After update and server reboot verify updated kernel with command
    Code (Text):
    uname -r
    

    or if using KernelCare via
    Code (Text):
    kcare-uname -r
    


    Summary


    • Redhat/CentOS 6.x users need to update to Linux Kernel 2.6.32-696.10.3 as per https://access.redhat.com/errata/RHSA-2017:2795 and then reboot their servers.
    • Redhat/CentOS 7.x users are best to update to the 7.4 OS, which has the fixed Linux Kernel 3.10.0-693 or higher.
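
The verification step above can be scripted. This is an added example, not part of the original post: it compares a kernel release string (from `uname -r`, or `kcare-uname -r` on KernelCare systems) against the fixed versions listed in the summary. The function names and the sample release strings are constructed for illustration, and GNU `sort -V` is assumed.

```shell
#!/bin/sh
# Fixed kernel baselines taken from the post's summary.
FIXED_EL6="2.6.32-696.10.3"
FIXED_EL7="3.10.0-693"

# Strip the dist/arch suffix: 3.10.0-693.2.2.el7.x86_64 -> 3.10.0-693.2.2
kernel_base() {
    printf '%s\n' "$1" | sed 's/\.el[0-9].*$//'
}

# True when version $1 >= version $2 (GNU sort -V does the version ordering).
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# Prints patched / vulnerable / unknown for a kernel release string
# and returns 0 / 1 / 2 respectively. "vulnerable" here means "below
# the fixed version the post lists for that kernel series".
check_kernel() {
    base=$(kernel_base "$1")
    case "$base" in
        2.6.32-*) fixed=$FIXED_EL6 ;;   # Redhat/CentOS 6.x series
        3.10.0-*) fixed=$FIXED_EL7 ;;   # Redhat/CentOS 7.x series
        *) echo "unknown"; return 2 ;;  # not a kernel series covered by the post
    esac
    if version_ge "$base" "$fixed"; then
        echo "patched"
    else
        echo "vulnerable"; return 1
    fi
}

# Constructed sample release strings, followed by the running kernel.
# On KernelCare systems pass "$(kcare-uname -r)" instead of "$(uname -r)".
for k in 2.6.32-696.10.2.el6.x86_64 2.6.32-696.10.3.el6.x86_64 \
         3.10.0-514.26.2.el7.x86_64 3.10.0-693.2.2.el7.x86_64 "$(uname -r)"; do
    printf '%-32s %s\n' "$k" "$(check_kernel "$k" || true)"
done
```

A "vulnerable" result straight after `yum -y update` usually means the new kernel is installed but the server has not been rebooted into it yet.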