CVE-2017-10000253 CentOS 7.3.1611

Support for security such as Firewalls and securing linux
fuzzy4096
Posts: 12
Joined: 2020/12/14 16:29:11

CVE-2017-10000253 CentOS 7.3.1611

Post by fuzzy4096 » 2020/12/17 15:06:43

Hi All,

I have a CentOS 7.3.1611 system. A report has marked the system as vulnerable to CVE-2017-1000253. If I look at https://access.redhat.com/errata/RHSA-2017:2793 it states that the patch is available for Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.3 and the updated package is kernel-3.10.0-514.32.3.el7.x86_64.rpm.

When I look now in http://mirror.centos.org/centos/ or https://vault.centos.org/ I'm unable to locate this particular package kernel-3.10.0-514.32.3.el7.x86_64.rpm.

My question is, if I can't find it, would that mean that it was made available only for RHEL customers that paid for the Extended Update Support?

Of course I know that the 7.3.1611 version is not getting any updates, nor any security fixes, so what would be the best path to update the system (taking into consideration recent announcements RH has made)?


Thank you for your great support folks!

TrevorH
Site Admin
Posts: 33191
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: CVE-2017-10000253 CentOS 7.3.1611

Post by TrevorH » 2020/12/17 15:16:15

CentOS 7.3 has been out of support since the release of 7.4 more than 3 years ago. You need to run yum update and get your system up to date on 7.9.

EUS is something you have to pay for separately and is for RHEL systems only.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

fuzzy4096
Posts: 12
Joined: 2020/12/14 16:29:11

Re: CVE-2017-10000253 CentOS 7.3.1611

Post by fuzzy4096 » 2020/12/17 15:41:53

Thank you. Is it safe to assume that if, let's say, I have this vulnerability in CentOS 7.3.1611, it was fixed along the way to CentOS 7.9?

I can run rpm -q --changelog <installed kernel> to list which CVEs were fixed, but AFAIK this can be done only for installed packages? How could I check it then, please?

Thank you in advance !

BR

tunk
Posts: 1204
Joined: 2017/02/22 15:08:17

Re: CVE-2017-10000253 CentOS 7.3.1611

Post by tunk » 2020/12/17 17:19:54

A web search with these keywords should provide some info:
CVE-2017-1000253 red hat

fuzzy4096
Posts: 12
Joined: 2020/12/14 16:29:11

Re: CVE-2017-10000253 CentOS 7.3.1611

Post by fuzzy4096 » 2020/12/17 17:48:47

Thank you tunk, but as you can see in my initial post I was able to find the RHSA. The fix was included in kernel-3.10.0-514.32.3.el7.x86_64.rpm but only for RHEL customers with Extended Update Support 7.3. So while running CentOS I won't be able to get/install it. I could of course upgrade to 7.9, but the question is how can I verify that the vulnerability is no longer present in further releases? Or is it enough to search for that CVE here and if it is not reported for 7.9 it would be safe to assume that the vulnerability is not / was not present in 7.9?

avij
Retired Moderator
Posts: 3046
Joined: 2010/12/01 19:25:52
Location: Helsinki, Finland

Re: CVE-2017-10000253 CentOS 7.3.1611

Post by avij » 2020/12/17 21:53:18

If you had done the web search suggested above, you might have found this Bugzilla entry and especially its comment 12, which says:
This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 prior to kernel version 3.10.0-693, that is Red Hat Enterprise Linux 7.4 GA kernel version. Kernel versions after 3.10.0-693 contain the fix and are thus not vulnerable.
There's also the vulnerability page, which also states that versions >= 7.4 are not impacted.

As TrevorH suggested above, running yum update and rebooting will help.
