Dirty Cow – CVE-2016-5195

One vulnerability in the Linux kernel

A race condition was found in the way the Linux kernel’s memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings.

An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.

Centos/Redhat affected versions: 5/6/7



Script to check the vulnerability: https://access.redhat.com/sites/default/files/rh-cve-2016-5195_5.sh


How to install opera 47 in CentOS 7

Opera 47 with CentOS 7

  1. Download the RPM from the URL:
  2. yum localinstall opera-stable_47.0.2631.80_amd64.rpm (change the rpm file name if necessary)




CentOS 7.4 is released

CentOS-7 (1708) – 7.4 is released

CentOS 7.4 (1708)

Some known issues:

  • ip6tables where the iptables service fails to start - apply the fix:  iptables-1.4.21-18.0.1.el7
  • The version of libgpod in EPEL repository is different in CentOS 7.4, workaround:
    yum downgrade libgpod.
  • Use VirtualBox 5.1.28 or later in CentOS 7.4. (old version is not fully compatible in CentOS 7.4
  • From RHEL/CentOS7.4, the size of the /boot partition changed to be minimum 1GB, because of significant increase of the initramfs.
  • Samba problem, apply the workaround: krb5-libs-1.15.1-8.el7
    Except in this case:
    Samba share with sssd authentication is broken. A workaround is to downgrade the samba packages to an earlier version.
  • At least 1024 MB RAM is required is for CentOS 7.4, Use at least 1344 MB RAM, for the installation of LiveGNOME/LiveKDE.
  • The screen resolution is 800×600 or superior.
  • Changed icon size if necessary with the workaround:
    gsettings set org.gnome.nautilus.icon-view default-zoom-level ‘small’

Upgrade problem:

  • For users of openldap-servers with ppolicy, before the upgrade, check this: https://bugs.centos.org/view.php?id=13750
  • For users need rdma, do this before upgrade: yum install rdma-core && yum update
  • Gnome is too dark colours, workaround: yum reinstall vte291

For VMs:

  • VMware Workstation/VMware ESXi (SCSI adapters: BusLogic and LsiLogic)
    The default kernel from CentOS 7 does not include the corresponding driver, e.g
    an unbootable system if you install on a SCSI disk using the defaults for CentOS
    workaround: Select “Red Hat Enterprise Linux” and “paravirtualized SCSI adapter”.
  • CentOS-7 as a Xen domU in ParaVirtualization (PV) mode, an upgrade to CentOS-7 (1708) will cause the VM to not be able to boot.
    workaround: Use HVM (full emulation) or PV-on-HVM mode


CVE-2017-7494 – Samba 漏洞


All versions of Samba from 3.5.0 onwards are vulnerable to a remote
code execution vulnerability, allowing a malicious client to upload a
shared library to a writable share, and then cause the server to load
and execute it.

Manual fix/Workaround

Add the parameter:
nt pipe support = no

to the [global] section of your smb.conf and restart smbd. This
prevents clients from accessing any named pipe endpoints. Note this
can disable some expected functionality for Windows clients.


More 1 second (leap second) – 2017

Counting down to 2017 will take more 1 second, e.g.

After 23.59:59 on 31 December, it will be 23:59:60

Leap seconds are a periodic one-second adjustment of Coordinated Universal Time(UTC) in order to keep a system’s time of day close to the mean solar time.

However, the Earth’s rotation speed varies in response to climatic and geological events, and due to this, UTC leap seconds are irregularly spaced and unpredictable.


For systems (redhat 4/5/6/7) not synchronized by ntpd or ptp an updated tzdata package that contains the December 31st leap second is required.


tzdata-2016g-2.el4 (redhat4)

tzdata-2016g-2.el5 (redhat5)

tzdata-2016g-2.el6 (redhat 6)

tzdata-2016g-2.el7(redhat 7)