Kernel packages prior to version 3.10.0-693 in Red Hat Enterprise Linux (RHEL) 7 contain a vulnerability described in CVE-2017-1000253

  • Article ID: 100040540
  • Product(s): Appliances

Severity

Security Vulnerability

Description

CVE ID: CVE-2017-1000253
Severity: Critical
CVSS v3 Base Score: 7.8

Kernel packages prior to version 3.10.0-693 in Red Hat Enterprise Linux (RHEL) 7 contain a vulnerability described in CVE-2017-1000253. This vulnerability can allow part of an application's data segment to be mapped over the memory area that is reserved for its stack, causing memory corruption. An unprivileged local user could potentially use this problem to escalate their privileges on the system.

NetBackup Appliance releases 2.7.3, 3.0 and 3.1 use the affected RHEL kernel versions.

This patch contains a security enhancement that mitigates the kernel vulnerability CVE-2017-1000253 on NetBackup Appliances.
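To triage a fleet against the threshold stated above (kernel packages prior to 3.10.0-693 on RHEL 7), the following added example classifies a kernel release string. It is not part of the original article or of any vendor tooling; the function name `kernel_status` and the sample release strings are constructed for illustration, and the only rule applied is the version boundary this article gives.

```shell
#!/bin/sh
# Added example: classify a RHEL 7 kernel release string against the
# 3.10.0-693 boundary stated in this article. Names are hypothetical.

FIXED_BASE="3.10.0"   # base version of RHEL 7 kernel packages
FIXED_BUILD=693       # first build number the article treats as not affected

# kernel_status RELEASE
# Prints "affected", "not-affected", or "unknown" (not a RHEL 7 kernel string).
kernel_status() {
    ks_rel="$1"
    # Only accept RHEL 7 style strings: <base>-<build>[.zstream].el7[.arch]
    case "$ks_rel" in
        *.el7*) ;;
        *) echo "unknown"; return 0 ;;
    esac
    ks_base="${ks_rel%%-*}"     # text before the first "-"
    ks_build="${ks_rel#*-}"     # text after the first "-"
    ks_build="${ks_build%%.*}"  # leading build number only
    # Reject anything where the build field is not purely numeric.
    case "$ks_build" in
        ''|*[!0-9]*) echo "unknown"; return 0 ;;
    esac
    if [ "$ks_base" != "$FIXED_BASE" ]; then
        echo "unknown"
    elif [ "$ks_build" -lt "$FIXED_BUILD" ]; then
        echo "affected"
    else
        echo "not-affected"
    fi
}

# Constructed sample release strings, followed by the running kernel.
for r in 3.10.0-327.el7.x86_64 3.10.0-514.26.2.el7.x86_64 \
         3.10.0-693.el7.x86_64 "$(uname -r)"; do
    printf '%-32s %s\n' "$r" "$(kernel_status "$r")"
done
```

Because the EEB installs without a reboot, the running kernel release does not by itself show whether the EEB has been applied; use the result to identify appliances in the affected range, then confirm EEB installation separately.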

Action Required

Emergency Engineering Binaries (EEBs) that address this vulnerability are available for the following NetBackup Appliance release versions:

2.7.3, 3.0 and 3.1

Apply the appropriate EEB for your version.

Before installing the EEB, note the following:

  • This EEB must be installed on both the master server appliance and all associated media server appliances.
  • A reboot is not required after EEB installation.
  • If you upgrade your appliance after installing this EEB, you must reinstall the EEB that is associated with the upgraded software version.
  • If you have appliances with software versions 2.7.1 or 2.7.2, you must contact Technical Support for assistance to mitigate this vulnerability. Make sure to provide this article number to the support representative.

References

Etrack: 3931827