CentOS has pushed an important security update to its seventh version. The new release patches five vulnerabilities that were recently discovered in Red Hat Enterprise Linux 7.
Johnny Hughes, the CentOS maintainer, released the update along with a security advisory. The updated packages fix a buffer overflow (CVE-2017-7308) discovered in the Linux kernel's packet_set_ring() function. The flaw allows an attacker with the CAP_NET_RAW capability to potentially crash the system.
Another reported vulnerability (CVE-2016-8646) was found in the kernel's shash_async_export() function; it lets a local user attempt to force a hashing algorithm into decrypting an empty data set. The update also patches a memory corruption vulnerability (CVE-2016-10208) triggered by mounting a crafted EXT4 partition as read-only, which could lead to SLAB out-of-bounds reads and memory corruption.
The fourth issue (CVE-2017-5986) fixed in this CentOS update is that a malicious application can trigger a BUG_ON in the Linux kernel's sctp_wait_for_sndbuf() function when the socket's transmit buffer is full. The fifth flaw (CVE-2016-7910) was discovered in the seq_file implementation and could allow a local attacker to manipulate memory through the put() function pointer, leading to memory corruption.
CentOS 7 users are advised to update their installations with the latest release as soon as possible. You can install the update by typing the command “su -c 'yum update'” in a terminal emulator. Also make sure you reboot the system after the installation so that the patches take effect.
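Because all five fixes are in the kernel package, the new code only runs after the reboot. The following script is an added example (not part of the advisory or of CentOS's own tooling) that tells you whether that reboot is still pending: it parses the output of `rpm -q kernel` and `uname -r`, picks the newest installed kernel by version and release, and compares it with the running one. The kernel version strings embedded below are constructed sample data, not the versions shipped in this update.

```python
"""Report whether a CentOS/RHEL 7 host still runs an older kernel than the
newest one installed, i.e. whether the reboot after `yum update` is pending.
Added example; the sample data below is constructed, not from the advisory."""
import re
import subprocess

# Constructed sample output of `rpm -q kernel` (one package NVRA per line)
# and of `uname -r`, as they might look right after the update, before reboot.
SAMPLE_INSTALLED = """kernel-3.10.0-514.el7.x86_64
kernel-3.10.0-514.10.2.el7.x86_64
kernel-3.10.0-514.16.1.el7.x86_64
"""
SAMPLE_RUNNING = "3.10.0-514.10.2.el7.x86_64"

# Accepts both the rpm form ("kernel-<ver>-<rel>.el7.<arch>") and the
# `uname -r` form, which lacks the "kernel-" prefix.
_KERNEL_RE = re.compile(
    r"^(?:kernel-)?(?P<ver>[0-9.]+)-(?P<rel>[0-9.]+)\.(?P<dist>el\d+)\.(?P<arch>\S+)$"
)


def kernel_key(name):
    """Turn 'kernel-3.10.0-514.16.1.el7.x86_64' into ((3, 10, 0), (514, 16, 1)).

    Comparing these tuples orders kernels numerically, so 514.16.1 sorts
    after 514.10.2 (a plain string compare would get that wrong).
    """
    m = _KERNEL_RE.match(name.strip())
    if not m:
        raise ValueError("unrecognised kernel package name: %r" % name)
    ver = tuple(int(x) for x in m.group("ver").split("."))
    rel = tuple(int(x) for x in m.group("rel").split("."))
    return ver, rel


def newest_installed(rpm_output):
    """Return the newest kernel NVRA found in `rpm -q kernel` output."""
    names = [ln.strip() for ln in rpm_output.splitlines() if ln.strip()]
    if not names:
        raise ValueError("no kernel packages listed")
    return max(names, key=kernel_key)


def reboot_pending(running, rpm_output):
    """True if the running kernel is older than the newest installed one."""
    return kernel_key(running) < kernel_key(newest_installed(rpm_output))


def main():
    # Live check on a real host; needs rpm and uname on PATH.
    installed = subprocess.check_output(["rpm", "-q", "kernel"]).decode()
    running = subprocess.check_output(["uname", "-r"]).decode().strip()
    newest = newest_installed(installed)
    if reboot_pending(running, installed):
        print("REBOOT PENDING: running %s, newest installed %s" % (running, newest))
    else:
        print("OK: running the newest installed kernel (%s)" % running)


if __name__ == "__main__":
    main()
```

Run it once after `yum update` and once after the reboot; it should report "REBOOT PENDING" in between and "OK" afterwards. The numeric comparison matters because the release field has several dot-separated components, and the fixed kernel's release number is higher than the running one's only when compared component by component.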