On June 19 2017, the Red Hat kernel team released kernel version 4.13.11 for Red Hat Enterprise Linux 7 and recommends that all Red Hat Enterprise Linux 7 users upgrade to it. The update fixes a critical vulnerability, CVE-2017-9052. Red Hat recommends running the updated kernel on the following products:

On Red Hat Enterprise Linux 7: Red Hat Enterprise Linux 7 Enterprise Cloud, Red Hat Enterprise Linux 7 Extended Update Support, Red Hat Enterprise Linux 7 Node Reducing Stresses, Red Hat Enterprise Linux 7 Storage, Red Hat Enterprise Linux 7 Virtualization, Red Hat Enterprise Linux 7 Workload, Red Hat Enterprise Linux 7 Zen, as well as Red Hat Enterprise Linux 7 with Red Hat Satellite 5.6.

On Red Hat Enterprise Linux 6: Red Hat Enterprise Linux 6 Extended Update Support, Red Hat Enterprise Linux 6 Node Reducing Stresses, Red Hat Enterprise Linux 6 Storage, Red Hat Enterprise Linux 6 Virtualization, Red Hat Enterprise Linux 6 Workload, Red Hat Enterprise Linux 6 Zen, as well as Red Hat Enterprise Linux 6 with Red Hat Satellite 5.5.

Red Hat recommends that all users upgrade to these updated versions as soon as possible.

How to protect your Red Hat Enterprise Linux server?

Red Hat Enterprise Linux users protect their systems against this vulnerability by installing the kernel update the Red Hat kernel team released for it. First, make sure the kernel package is up to date. With the "yum" command line tool, the following command installs the latest kernel:
yum update kernel
Note that a new kernel package only takes effect once the system has been rebooted into it; until then the old, vulnerable kernel is still the one running. If the latest kernel is already installed and is the kernel currently running, no further action is needed for this step.
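The check a practitioner wants after the update is whether the host is actually running its newest installed kernel, and whether that kernel's package changelog references the CVE. The script below is an added example, not code from the page or from Red Hat. It assumes GNU sort (for `sort -V`) and the standard rpm query format; the version strings and the changelog entry embedded in it are constructed samples so the functions can be exercised offline, while `check_host` runs the same logic against `uname -r` and `rpm` on a live host.

```shell
#!/bin/sh
# Added example (not from the page or Red Hat): verify that the running kernel
# is the newest one installed and that its RPM changelog mentions the CVE.
# Assumes GNU sort -V. Sample versions/changelog below are constructed.

# Print the highest version in a newline-separated list of kernel versions,
# e.g. the output of: rpm -q --qf '%{VERSION}-%{RELEASE}.%{ARCH}\n' kernel
latest_installed() {
    printf '%s\n' "$1" | sort -V | tail -n 1
}

# Succeed (exit 0) when the running kernel ($1) is older than the newest kernel
# in list $2, i.e. an update was installed but the host was never rebooted.
needs_reboot() {
    running=$1
    newest=$(latest_installed "$2")
    [ "$running" != "$newest" ] || return 1
    higher=$(printf '%s\n%s\n' "$running" "$newest" | sort -V | tail -n 1)
    [ "$higher" = "$newest" ]
}

# Succeed when changelog text ($1) mentions CVE id ($2). Feed it the output of:
# rpm -q --changelog "kernel-$(uname -r)"
changelog_mentions_cve() {
    printf '%s\n' "$1" | grep -qi -- "$2"
}

# Live-host wrapper: needs rpm and uname, so it is not run in the offline demo.
check_host() {
    cve=${1:-CVE-2017-9052}
    running=$(uname -r)
    installed=$(rpm -q --qf '%{VERSION}-%{RELEASE}.%{ARCH}\n' kernel)
    if needs_reboot "$running" "$installed"; then
        echo "REBOOT REQUIRED: running $running, newest installed $(latest_installed "$installed")"
        return 1
    fi
    if changelog_mentions_cve "$(rpm -q --changelog "kernel-$running")" "$cve"; then
        echo "running kernel $running: changelog references $cve"
    else
        echo "running kernel $running: no reference to $cve; run 'yum update kernel' and reboot"
        return 1
    fi
}

# Constructed sample data for the offline demonstration.
SAMPLE_INSTALLED="4.13.9-1.el7.x86_64
4.13.11-1.el7.x86_64"
SAMPLE_CHANGELOG="* Mon Jun 19 2017 (constructed changelog entry)
- kernel: fix CVE-2017-9052"

demo() {
    if needs_reboot "4.13.9-1.el7.x86_64" "$SAMPLE_INSTALLED"; then
        echo "sample host: update installed but reboot required"
    fi
    changelog_mentions_cve "$SAMPLE_CHANGELOG" CVE-2017-9052 && echo "sample changelog: fix present"
}
demo
```

On Red Hat Enterprise Linux 7 the errata can also be queried and applied by CVE id with `yum updateinfo list cves` and `yum update --cve CVE-2017-9052` (on Red Hat Enterprise Linux 6 this needs the yum-plugin-security package). Either way, `check_host` reporting "REBOOT REQUIRED" means the fix is on disk but not yet in effect.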

New features and bug fixes in Red Hat Enterprise Linux 7.x

- XFS: Add support for the new ea_inode structure in exportfs
- x86: Fix potential kernel crash with Spectre variant 2 mitigation
- x86: Resume from hibernation should work properly again
- Red Hat Enterprise Linux 7.x and 6.x: fix CVE-2017-9052, a kernel security issue that also affects other operating systems

What is new in the Red Hat Enterprise Linux 7.5 kernel?

4.13.11 version of Red Hat Enterprise Linux 7 kernel has been released with the following changes:
* Add a few more modules to the list of modules that are always unloaded on module unload (bnx2, efivars, ixgbevf)
* Fix for a bug in the kernel that caused data corruption when using ext4_find_extent() with a NULL bh->b_state pointer
* Improved scheduling of TCP congestion control algorithm's rate-based phase to improve performance
* Fix a bug in the network interface subsystem that could cause system hang during device discovery.

What is the Red Hat kernel CVE?

CVE-2017-9052 is the vulnerability fixed by the 4.13.11 kernel released for Red Hat Enterprise Linux 7 on June 19 2017; the Red Hat Enterprise Linux 7 and 6 products that should be updated are listed at the top of this page. The same update also carries a bug fix for the two-minute time skew timer. On Red Hat Enterprise Linux 6, the update is likewise recommended for users running Extended Update Support with the two-minute time skew timer enabled.
In short: if you run one or more of these products on a workstation or server, install the updated versions that correct this vulnerability as soon as possible.

What is the vulnerability?

The vulnerability has been assigned CVE-2017-9052 and is described as an underflow of the entropy pool in the kernel's ext4 filesystem code.
It could allow a local user to escalate privileges or to cause a denial of service. Because the issue is local, it matters most on hosts where untrusted users or services already have code execution; there is no workaround short of running the fixed kernel, so install the update and reboot into the new kernel.

Timeline

Published on: 05/10/2022 21:15:00 UTC
Last modified on: 05/23/2022 17:29:00 UTC
