The Red Hat Enterprise Linux (RHEL) 6 and CentOS 6 operating system series have received a new important Linux kernel security update that addresses two vulnerabilities.
Published by Red Hat Product Security, a new Linux kernel security advisory marked as having an important security impact describes two security vulnerabilities affecting all supported Red Hat Enterprise Linux 6 and CentOS Linux 6 releases.
One of the two vulnerabilities addressed is CVE-2017-1000371, a three-year-old flaw discovered in the Linux kernel’s offset2lib patch, which implements the mapping of ELF PIE binaries at load time. The flaw allows the stack-guard page protection mechanism to be evaded.
Red Hat noted that this flaw doesn’t affect the Linux kernel packages in Red Hat Enterprise Linux 7, nor the MRG-2 and realtime kernels.
The second security vulnerability is CVE-2019-17666, discovered in the Linux kernel’s Realtek wireless driver implementation. It could lead to a buffer overflow when the networking hardware is configured to accept WiFi-Direct or WiFi P2P connections.
“An attacker within the wireless network connectivity radio range can exploit a flaw in the WiFi-direct protocol known as ‘Notice of Absence’ by creating specially crafted frames which can then corrupt kernel memory,” noted Red Hat Product Security.
Affected systems include Red Hat Enterprise Linux Server 6 (x86_64 and i386), Red Hat Enterprise Linux Workstation 6 (x86_64 and i386), Red Hat Enterprise Linux Desktop 6 (x86_64 and i386), Red Hat Enterprise Linux for IBM z Systems 6, Red Hat Enterprise Linux for Power, big endian 6, Red Hat Enterprise Linux for Scientific Computing 6 (x86_64), and CentOS Linux 6.
All RHEL 6 and CentOS 6 users are urged to update the kernel packages in their systems as soon as possible to mitigate the two flaws. A system reboot is required after installing the new kernel version (kernel-2.6.32-754.29.1.el6).
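An administrator checking a fleet wants two answers per host: is the running kernel at least the fixed version named above, and has the box actually been rebooted into it. The following is an added example, not Red Hat’s code; the live `check_host()` function assumes the `uname` and `rpm` tools of a RHEL/CentOS 6 host, while the comparison helpers take plain strings so they can be exercised with constructed input.

```python
import re
import subprocess

# Fixed kernel version named in the advisory (arch suffix omitted).
FIXED_KERNEL = "2.6.32-754.29.1.el6"

# Matches '2.6.32-754.29.1.el6' or '2.6.32-754.29.1.el6.x86_64' (optional 'kernel-' prefix).
_KVER_RE = re.compile(
    r"^(?:kernel-)?(?P<version>\d+(?:\.\d+)*)-(?P<release>\d+(?:\.\d+)*)"
    r"\.(?P<dist>el\d+)(?:\.(?P<arch>[A-Za-z0-9_]+))?$"
)

def parse_kernel(s):
    """Return ((2, 6, 32), (754, 29, 1), 'el6') for a RHEL-style kernel string.
    Numeric tuples compare correctly as integers, unlike plain string ordering
    (where '754.9' would sort after '754.29'). Raises ValueError on other input.
    """
    m = _KVER_RE.match(s.strip())
    if not m:
        raise ValueError("not a RHEL kernel version: %r" % s)
    version = tuple(int(x) for x in m.group("version").split("."))
    release = tuple(int(x) for x in m.group("release").split("."))
    return version, release, m.group("dist")

def is_fixed(running, fixed=FIXED_KERNEL):
    """True if `running` is the advisory's fixed kernel or a later one of the same dist."""
    rv, rr, rd = parse_kernel(running)
    fv, fr, fd = parse_kernel(fixed)
    if rd != fd:
        raise ValueError("different distribution kernels: %s vs %s" % (rd, fd))
    return (rv, rr) >= (fv, fr)

def reboot_pending(running, installed):
    """True if a kernel newer than the running one is installed but not yet booted."""
    newest = max(installed, key=lambda k: parse_kernel(k)[:2])
    return parse_kernel(newest)[:2] > parse_kernel(running)[:2]

def check_host():
    """Live check on a RHEL/CentOS 6 host: queries uname and rpm for both states."""
    running = subprocess.check_output(["uname", "-r"]).decode().strip()
    installed = subprocess.check_output(
        ["rpm", "-q", "kernel", "--qf", "%{VERSION}-%{RELEASE}.%{ARCH}\n"]
    ).decode().split()
    return {"running": running, "fixed": is_fixed(running),
            "reboot_pending": reboot_pending(running, installed)}


if __name__ == "__main__":
    print(check_host())
```

A host reporting `fixed: False` or `reboot_pending: True` is still exposed to both CVEs, since the patched code only takes effect once the new kernel is the one running.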