Important CentOS 7 Linux Kernel Security Patch Released, 3 Vulnerabilities Fixed

By Lotte Nielsen

Jan 26

CentOS developer and maintainer Johnny Hughes is announcing the availability of a new, important Linux kernel security update for the CentOS 7 series of operating systems.

As for the other two security issues, CVE-2016-6828 is a use-after-free vulnerability discovered in Linux kernel’s tcp_xmit_retransmit_queue, as well as other tcp_* functions, allowing an attacker to send a false selective acknowledgment to current network connections, possibly resetting them.

On the other hand, CVE-2016-9555 is a security flaw discovered in Linux kernel’s Stream Control Transmission Protocol (SCTP) transport-layer protocol implementation, which could allow a remote attacker to crash the vulnerable system by triggering an out-of-bounds read with an offset of up to 64kB.

Read more

Source of this information:
http://linux.softpedia.com/blog/important-centos-7-linux-kernel-security-patch-released-3-vulnerabilities-fixed-512060.shtml

Author: Marius Nestor