14 DAY TRIAL // CloudLinux's Mykola Naugolnyi announced today the general availability of new stable kernel updates for the CloudLinux 7 and CloudLinux 6 operating system series.
CloudLinux is a commercial operating system based on Red Hat Enterprise Linux, which means that it always backports the latest security fixes. The new CloudLinux 7 kernel (version 3.10.0-427.36.1.lve1.4.43) and CloudLinux 6 and Hybrid kernel (version 2.6.32-673.26.1.lve1.4.24) is here to fix the CVE-2017-2647 security flaw.
"A null pointer dereference vulnerability was found that can be triggered in keyring_search_iterator in keyring.c if type->match is NULL by unprivileged local user was found. It is possible that an attacker could crash the system or escalate privileges using this vulnerability," reads the upstream security advisory.
Here's how to update your systems right now
The issue is also affecting the Red Hat Enterprise Linux 7, 6, and 5 operating systems series, as well as Red Hat Enterprise MRG 2, and it's been fixed upstream. CloudLinux 7 and CloudLinux 6 users can also install the patch on their installations if they run the following commands in a terminal emulator.
For CloudLinux 7
yum install kernel-3.10.0-427.36.1.lve1.4.43.el7 kmod-lve-1.4-43.el7
For CloudLinux 6
yum install kernel-2.6.32-673.26.1.lve1.4.24.el6 kmod-lve-1.4-24.el6
For CloudLinux 5 Hybrid
yum install kernel-2.6.32-673.26.1.lve1.4.24.el5h kmod-lve-1.4-24.el5h
As usual, don't forget to reboot your system for the new kernel version to take effect. These patched kernel versions are live in the stable software repositories, so we recommend updating as soon as possible to ensure you have a secure infrastructure. More details can be found in today's announcements, here and here.