Question CVE-2017-1000253 and CentOS 7.4 kernel

[OverWolf]

Hi,
for Kernel ELF security patch I've read that all CentOS 7.4 kernel 3.10.0-693 and higher have fixed this vulnerability. After I have update CentOS from plesk my kernel is 3.10.0-327.18.2.el7.x86_64.

Now, what can I do ?

 

[IgorG]

Just update your kernel. For example, on my test Plesk server I see:

# uname -a
Linux a10-52-56-140.qa.plesk.ru 3.10.0-693.2.2.el7.x86_64 #1 SMP Tue Sep 12 22:26:13 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

# cat /etc/redhat-release
CentOS Linux release 7.4.1708 (Core)

 

[OverWolf]

Hi IgorG,

I've found this article :

Is it safe to update system packages using an operating system package manager?

and so I've mod my yum.conf to exclude kernel update. I'm on a VM, but I think that this patch for kernel is "a must have". So, do you think that I can remove the exclusion from yum.conf even if is there that article ?

 

[IgorG]

If you have this exclusion in yum.conf, you can remove it and upgrade the kernel, but be sure that it will not affect your VM correct operation. I would suggest you confirm this action with the admin of hardware node.

 

[OverWolf]

Hi IgorG,

I have this exclusion for that article. After I have read this :
some packages may conflict with Plesk or another software

I have configure yum to complain that settings. So, should I follow that directive or not ?

 

[IgorG]

I see no reason to be afraid of installing a new version of the kernel from the official OS repository.

 

[OverWolf]

Ok, thank you Igor.

If you say so, maybe that article can update...imho