There is a priority kernel update from upstream to resolve CVE-2017-1000364. We feel that this patch is pretty significant and important that the ClearOS users get it in a fast manner. We are building it right now and as soon as it hits updates-testing I need as many community and business users who are willing to dig in to test this out on their servers so that we can fast track it to all boxes out there via updates.
To test this update run the following from command line from a Community version and reboot after the update has completed:
yum update kernel
To test this update run the following from command line from a Community version and reboot after the update has completed:
yum update kernel
Share this post:
Responses (6)
-
Accepted Answer
This fix should be out now for ClearOS 7 Community and Business. We are having some difficulty with 6 but it should be coming soon.
Please apply this update and then reboot your system. If you are running an older kernel the system will not automatically boot so it is important that you reboot after the kernel is applied. The correct kernel should be:
kernel-3.10.0-514.21.2.v7.x86_64
If you run a 'uname -a' in ClearOS 7 and you do not see 3.10.0-514.21.2.v7.x86_64 or later then the fix is NOT yet applied to your system for the 'Stack Clash' vulnerability. -
Accepted Answer
Thanks for your help guys.
The fix has been posted to the updates for Community and should be on their way. However, we still need this specifically tested and because a reboot is required for it to go into effect, we suggest (nay, implore) you to run a reboot after it is installed for two reasons:
1) So that you can give us feedback related to your environment and experience and let us know if there are problems
2) Most importantly, so you are protected from this flaw by the update. -
Accepted Answer
-
Accepted Answer
-
Accepted Answer
Dave - the command you posted produces an inconsistent system - it does not install kernel components such as kernel-abi-whitelists kernel-headers kernel-tools kernel-doc etc for those that have them installed, whereas the following does... (note the asterisk)
yum --enablerepo=clearos-updates-testing update kernel*
Installed the new kernel and associated kernel components on ClearoS 7.2 and on both 32 / 64 bit ClearOS 6.9 systems. All three came up OK and are running..
Will report any problems - none so far...
Please login to post a reply
You will need to be logged in to be able to post a reply. Login using the form on the right or register an account if you are new here.
Register Here »