Beta kernel users are urged to update immediately

Feb 28, 2017 15:28 GMT  ·  By

CloudLinux's Mykola Naugolnyi announced today the availability of a new Beta kernel for the CloudLinux 7 operating system series, which patches a recently discovered and critical security flaw.

As expected, today's kernel update addresses the recently discovered CVE-2017-6074 security issue, which is marked as important and has been already patched in many GNU/Linux distributions, including those based on Red Hat Enterprise Linux (RHEL), such as CentOS 5.

CloudLinux 7 is also based on RHEL, specifically on Red Hat Enterprise Linux 7 series, so it always receives the latest security patches as soon as they are released upstream. CVE-2017-6074 is a use-after-free flaw discovered in Linux kernel's DCCP (Datagram Congestion Control Protocol).

It could be exploited by an unprivileged local attacker to escalate his/her privileges on the vulnerable system by altering the kernel memory. Red Hat marked the security issue as important and you should update your installations immediately to kernel version 3.10.0-427.36.1.lve1.4.39 if you're running CloudLinux 7.

The updated CloudLinux 7 kernel is available as we speak from the updates-testing repository of the operating system, and can be installed on your machine(s) if you open a terminal emulator or switch to the virtual console and run the following command. Don't forget to reboot your computer once the new kernel was installed successfully.

yum install kernel-3.10.0-427.36.1.lve1.4.39.el7 kmod-lve-1.4-39.el7 --enablerepo=cloudlinux-updates-testing We always recommend users to keep their operating systems and installed software up to date to avoid any security problems. However, we remind you that this is a Beta kernel, which means that it's not recommended for deployment in production environments just yet.