CentOS 6 and Red Hat Enterprise Linux 6 Get Important Kernel Security Update
An important kernel security update has been released for the CentOS 6 and Red Hat Enterprise Linux 6 operating system series to address a recently discovered vulnerability and other bugs.
Marked by the Red Hat Product Security team as having an “Important” security impact, the new kernel security update contains a fix for a race condition vulnerability affecting the raw MIDI kernel driver that could lead to a double-free or double realloc, as well as a fix for a bug that caused apps compiled with GCC 4.4.7 to trigger a segmentation fault.
This kernel update removes a 64k limit check in the page fault handler in applications compiled with GNU Compiler Collection (GCC) version 4.4.7, ensuring the smooth running of these applications without triggering a segmentation fault. However, Red Hat noted that fact that removing the limit check has no impact on the integrity of the kernel itself.
“It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possibly use this for privilege escalation,” reads CVE-2018-10902.
Red Hat Enterprise Linux 6 and CentOS 6 users must update their systems
Users are urged to update their installations to the new kernel versions for their respective systems as soon as possible. The kernel-2.6.32-754.11.1.el6 update is available for all supported architectures, including 32-bit (i386), 64-bit (x86_64), s390x, and PPC64 (PowerPC 64-bit) for both CentOS 6 and Red Hat Enterprise Linux 6 machines, and can be installed through the official repositories.
Affected systems include Red Hat Enterprise Linux Server 6, Red Hat Enterprise Linux Server 6, Red Hat Enterprise Linux Workstation 6, Red Hat Enterprise Linux Desktop 6, Red Hat Enterprise Linux for IBM z Systems 6, Red Hat Enterprise Linux for Power, big endian 6, Red Hat Enterprise Linux for Scientific Computing 6, and CentOS Linux 6.