Beta users are urged to update their systems immediately

May 23, 2017 23:59 GMT  ·  By

CloudLinux's Mykola Naugolnyi informed the community today about the availability of yet another Beta kernel security update for those running the latest CloudLinux 7 operating system.

Available for both CloudLinux 7 and CloudLinux 6 Hybrid installations, the new Beta kernel, versioned 3.10.0-614.10.2.lve1.4.50, is now available for download from the updates-testing repository. It replaces the previous kernel 3.10.0-614.10.2.lve1.4.48 to improve the fix for the CVE-2017-7895 security issue.

"The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the end of a buffer. A remote attacker could trigger a pointer-arithmetic error or possibly have unspecified other impact via crafted requests related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c," reads the security notice.

If you managed to install the Beta kernel published last week, you should consider updating it as soon as possible to properly patch said security vulnerability. To update your CloudLinux 7 or CloudLinux 6 Hybrid installations, open a terminal emulator and run the following commands.

For CloudLinux 7:
yum install kernel-3.10.0-614.10.2.lve1.4.50.el7 kmod-lve-1.4-50.el7 --enablerepo=cloudlinux-updates-testing
For CloudLinux 6 Hybrid:
yum install kernel-3.10.0-614.10.2.lve1.4.50.el6h kmod-lve-1.4-50.el6h --enablerepo=cloudlinux-updates-testing,cloudlinux-hybrid-testing
Of course, if you're not using the KernelCare kernel livepatch service from CloudLinux, you'll have to reboot your machine(s) after installing the new kernel version. Please note that this update has no impact in any of the upstream Red Hat Enterprise Linux operating systems, which already received the security fix.