{"id":69912,"date":"2024-02-24T14:09:03","date_gmt":"2024-02-24T06:09:03","guid":{"rendered":"http:\/\/gulass.cn\/?p=69912"},"modified":"2024-02-24T14:09:03","modified_gmt":"2024-02-24T06:09:03","slug":"centos-7-linux","status":"publish","type":"post","link":"https:\/\/gulass.cn\/centos-7-linux.html","title":{"rendered":"CentOS 7 \u5e26\u6765Linux\u5185\u6838\u5b89\u5168\u66f4\u65b0\u7684\u4fee\u590d"},"content":{"rendered":"<p>CentOS \u662f\u57fa\u4e8e Red Hat Enterprise Linux \u7684\u64cd\u4f5c\u7cfb\u7edf\uff0c\u6240\u4ee5\u5b83\u4e5f\u7ee7\u627f\u4e86\u5176\u5b89\u5168\u66f4\u65b0\uff0c\u6700\u8fd1\u7684\u66f4\u65b0\u662f\u5bf9 Red Hat\u00a0Enterprise Linux 7 \u5185\u6838\u8f6f\u4ef6\u5305\u53d1\u73b0\u7684\u4e94\u4e2a\u6f0f\u6d1e\u6253\u800c\u8fdb\u884c\u7684\u4fee\u8865\uff0c\u8fd9\u4e9b\u6f0f\u6d1e\u4e5f\u4f1a\u5f71\u54cd\u5230 CentOS 7 \u7528\u6237\u3002<br \/>\n<img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"768\" class=\"alignnone wp-image-89753 size-full\" src=\"http:\/\/gulass.cn\/wp-content\/uploads\/2017\/12\/1-2.jpg\" srcset=\"https:\/\/gulass.cn\/wp-content\/uploads\/2017\/12\/1-2.jpg 1024w, https:\/\/gulass.cn\/wp-content\/uploads\/2017\/12\/1-2-300x225.jpg 300w, https:\/\/gulass.cn\/wp-content\/uploads\/2017\/12\/1-2-768x576.jpg 768w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/> \u6839\u636e\u7ea2\u5e3d\u4e0a\u6e38\u7684\u91cd\u8981\u5b89\u5168\u516c\u544a\uff0c\u5df2\u66f4\u65b0\u7684\u5185\u6838\u8f6f\u4ef6\u5305\u662f\u9488\u5bf9\u5728 Linux \u5185\u6838\u7684 packet_set_ring() \u51fd\u6570\u4e2d\u53d1\u73b0\u7684\u7f13\u51b2\u533a\u6ea2\u51fa(CVE-2017-7308)\u8fdb\u884c\u7684\u4fee\u8865\uff0c\u8be5\u6f0f\u6d1e\u4f1a\u5bfc\u81f4\u672c\u5730\u653b\u51fb\u8005\u4f7f\u7528 CAP_NET_RAW \u8bbf\u95ee\u8fdb\u884c\u653b\u51fb\u4ece\u800c\u5bfc\u81f4\u7cfb\u7edf\u5d29\u6e83\u3002<\/p>\n<p>\u5728 Linux \u5185\u6838\u7684 shash_async_export() \u51fd\u6570\u53d1\u73b0\u4e86\u53e6\u4e00\u4e2a\u6f0f\u6d1e(CVE-2016-8646)\uff0c\u5b83\u4f1a\u8ba9\u65e0\u7279\u6743\u7684\u672c\u5730\u7528\u6237\u5c1d\u8bd5\u5f3a\u5236\u7528\u5185\u6838\u7684\u6563\u5217\u7b97\u6cd5\u6765\u89e3\u5bc6\u4e00\u4e2a\u7a7a\u6570\u636e\u96c6\u3002\u53e6\u5916\uff0c\u8fd8\u53d1\u73b0\u624b\u52a8\u5c06 EXT4 \u5206\u533a\u5b89\u88c5\u4e3a\u53ea\u8bfb\u53ef\u80fd\u4f1a\u5bfc\u81f4 SLAB-Out-of-Bounds \u8bfb\u53d6\u548c\u5185\u5b58\u635f\u574f(CVE-2016-10208)\u3002<\/p>\n<p>\u5efa\u8bae\u7528\u6237\u5c3d\u5feb\u66f4\u65b0\u5230 kernel-3.10.0-514.21.1.el7\u3002\u7b2c\u56db\u4e2a\u5b89\u5168\u95ee\u9898\uff08CVE-2017-5986\uff09\u662f\u5173\u4e8e\u6076\u610f\u5e94\u7528\u7a0b\u5e8f\uff0c\u5982\u679c\u5957\u63a5\u5b57tx\u7f13\u51b2\u533a\u5df2\u6ee1\uff0c\u53ef\u80fd\u4f1a\u89e6\u53d1 Linux \u5185\u6838\u7684 sctp_wait_for_sndbuf \u51fd\u6570\u4e2d\u7684 BUG_ON\u3002\u6709\u5173\u8fd9\u4e2a\u7f3a\u9677\u7684\u66f4\u591a\u7ec6\u8282\u53ef\u4ee5\u5728\u76f8\u5e94\u7684 CVE \u62a5\u544a\u548c Red Ha t\u7684\u5b89\u5168\u54a8\u8be2\u4e2d\u627e\u5230\u3002<\/p>\n<p>\u6700\u540e\uff0c\u5728 Linux \u5185\u6838 seq_file \u7684\u5b9e\u73b0\u4e2d\u53d1\u73b0\u4e86\u7b2c\u4e94\u4e2a\u5b89\u5168\u6f0f\u6d1e\uff08CVE-2016-7910\uff09\uff0c\u8fd9\u53ef\u80fd\u4f7f\u672c\u5730\u653b\u51fb\u8005\u5728 put() \u51fd\u6570\u6307\u9488\u4e2d\u64cd\u7eb5\u5185\u5b58\uff0c\u4ece\u800c\u5bfc\u81f4\u5185\u5b58\u635f\u574f\u6216\u5141\u8bb8\u653b\u51fb\u8005\u63d0\u9ad8\u4ed6\/\u5979\u5bf9\u8fd9\u4e2a\u6709\u6f0f\u6d1e\u7684\u7cfb\u7edf\u63a7\u5236\u7684\u7279\u6743\u3002<\/p>\n<blockquote>\n<p style=\"text-align: left; color: #88a6a4;\">\u539f\u6587\u6765\u81ea\uff1a<a href=\"https:\/\/www.oschina.net\/news\/85274\/important-centos-7-linux-kernel-security-update\" target=\"_blank\" rel=\"noopener\">https:\/\/www.oschina.net\/news\/85274\/important-centos-7-linux-kernel-security-update<\/a><\/p>\n<p style=\"text-align: left; color: #88a6a4;\">\u672c\u6587\u5730\u5740\uff1a<a href=\"http:\/\/gulass.cn\/centos-7-linux.html\" target=\"_blank\" rel=\"noopener\">http:\/\/gulass.cn\/centos-7-linux.html<\/a><span style=\"float: right;\">\u7f16\u8f91\u5458\uff1a\u90ed\u5efa\u9e4f\uff0c\u5ba1\u6838\u5458\uff1a\u9004\u589e\u5b9d<\/span><\/p>\n<\/blockquote>\n","protected":false},"excerpt":{"rendered":"<p>\u3010\u4e0a\u4e91\u72c2\u6b22\u8282\u30116\u5143\u865a\u673a+9\u5143\u5efa\u7ad9+\u514d\u8d39\u5957\u9910\uff0c\u5c06\u666e\u60e0\u8fdb\u884c\u5230\u5e95\uff01&gt;&gt;&gt;&nbsp;&nbsp;<\/p>\n","protected":false},"author":323,"featured_media":89755,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[21],"tags":[],"class_list":["post-69912","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news"],"acf":[],"_links":{"self":[{"href":"https:\/\/gulass.cn\/wp-json\/wp\/v2\/posts\/69912","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/gulass.cn\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/gulass.cn\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/gulass.cn\/wp-json\/wp\/v2\/users\/323"}],"replies":[{"embeddable":true,"href":"https:\/\/gulass.cn\/wp-json\/wp\/v2\/comments?post=69912"}],"version-history":[{"count":4,"href":"https:\/\/gulass.cn\/wp-json\/wp\/v2\/posts\/69912\/revisions"}],"predecessor-version":[{"id":89817,"href":"https:\/\/gulass.cn\/wp-json\/wp\/v2\/posts\/69912\/revisions\/89817"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/gulass.cn\/wp-json\/wp\/v2\/media\/89755"}],"wp:attachment":[{"href":"https:\/\/gulass.cn\/wp-json\/wp\/v2\/media?parent=69912"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/gulass.cn\/wp-json\/wp\/v2\/categories?post=69912"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/gulass.cn\/wp-json\/wp\/v2\/tags?post=69912"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}