Users urged to update to version 2.6.18-508.el5.lve0.8.90

Jan 9, 2017 01:05 GMT

CloudLinux's Mykola Naugolnyi is informing users of the CloudLinux 5 series of server-oriented operating systems based on Red Hat Enterprise Linux 5 about the availability of a new kernel update that patches an important security vulnerability.

The vulnerability, CVE-2016-7117, was discovered and patched upstream for all supported Red Hat Enterprise Linux releases. It is described as a use-after-free security flaw in the socket recvmmsg subsystem of the Linux kernel, which could allow a remote attacker to execute malicious code or corrupt memory on the affected host.

"A use-after-free vulnerability was found in the kernel's socket recvmmsg subsystem. This may allow remote attackers to corrupt memory and may allow execution of arbitrary code. This corruption takes place during the error handling routines within __sys_recvmmsg() function," reads the security advisory.

The vulnerability is known to affect the realtime-kernel of Red Hat Enterprise MRG 2, as well as the kernel and kernel-rt packages of Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 5 operating systems. However, it's now patched, and the fix is also available for CloudLinux 5 users.

Therefore, you are urged to update as soon as possible to version 2.6.18-508.el5.lve0.8.90, which is available for installation directly from CloudLinux's production repository, if you're using 2.6.18-508.el5.lve0.8.89 or an older kernel release. To update, simply run the following command in a terminal emulator or virtual console.

yum install kernel-2.6.18-508.el5.lve0.8.90

Don't forget to reboot the machine(s) if you're not using KernelCare!
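A check to run after the update, added here as an example and not taken from CloudLinux or the advisory: it compares the running and installed kernel releases against the fixed release named above and reports whether the host is patched, still needs the reboot, or still needs the update. The function names, the `--check` switch and the status strings are assumptions made for illustration.

```shell
#!/bin/sh
# Fixed kernel release named in the article.
FIXED="2.6.18-508.el5.lve0.8.90"

# kver_cmp A B: print -1, 0 or 1 as release A is older than, equal to or newer
# than B. Fields split on '.' and '-'; all-digit fields compare numerically,
# so ...8.100 is newer than ...8.90 (a plain string comparison gets this wrong).
kver_cmp() {
    local a b x y
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%[.-]*}; y=${b%%[.-]*}          # first field of each
        case $a in *[.-]*) a=${a#*[.-]} ;; *) a= ;; esac
        case $b in *[.-]*) b=${b#*[.-]} ;; *) b= ;; esac
        x=${x:-0}; y=${y:-0}                  # a missing field counts as 0
        case $x$y in
            *[!0-9]*)   # non-numeric field such as "el5": compare as strings
                [ "$x" = "$y" ] && continue
                if expr "x$x" \< "x$y" >/dev/null; then echo -1; else echo 1; fi ;;
            *)  [ "$x" -eq "$y" ] && continue
                if [ "$x" -lt "$y" ]; then echo -1; else echo 1; fi ;;
        esac
        return 0
    done
    echo 0
}

# kernel_status RUNNING [INSTALLED...]: print patched, reboot-needed or update-needed.
kernel_status() {
    local running pkg
    running=$1; shift
    if [ "$(kver_cmp "$running" "$FIXED")" -ge 0 ]; then echo patched; return 0; fi
    for pkg in "$@"; do
        if [ "$(kver_cmp "$pkg" "$FIXED")" -ge 0 ]; then echo reboot-needed; return 0; fi
    done
    echo update-needed
}

# On a host: sh thisfile.sh --check
# Assumes uname -r prints VERSION-RELEASE with no arch or variant suffix.
# uname -r reports the booted kernel, so hosts live-patched by KernelCare
# are outside this check.
if [ "${1:-}" = "--check" ]; then
    kernel_status "$(uname -r)" $(rpm -q --qf '%{VERSION}-%{RELEASE}\n' kernel)
fi
```

A result of `reboot-needed` means the fixed package is installed but the machine is still running an older kernel.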