[CVE-2017-1000253] Linux kernel security bug fixed

How to report on zdnet on their article there is a serious bug with linux kernel identified as CVE-2017-1000253:

§ Centos6 con Kernel < 2.6.32-696.10.3
§ Centos7 con Kernel 7.4 kernels < 3.10.0-693

The bug how report zdnet:

This is a problem with how the Linux kernel loaded Executable and Linkable Format (ELF) executables. If an ELF application was built as Position Independent Executable (PIE), the loader could allow part of that application’s data segment to map over the memory area reserved for its stack. This could cause memory corruption. Then, an otherwise unprivileged local user with access to a Set owner User ID (SUID) or otherwise privileged flawed PIE binary, could gain higher-level user privileges.

The bug was fixed so you must to upgrade your kernel.

I used the guide on the site tecmint.com. It was very helpful and easy, consist to install a new kernel and then switch the boot on the new kernel. Suggest to take a snapshot or a backup of your machine / virtual machine.

 

 

Cicciokr

"Javascript is to Java as hamburger is to ham; both are delicious, but they don't have much in common except a name" I'm javascript lovers and this is my site on witch sometimes write about my experience, when i have some free time, and remember: "Homo faber fortunae suae"