thr3ads.net - CentOS - [CentOS] CVE-2016-5195 DirtyCOW : Critical Linux Kernel Flaw [Oct 2016]

If this information is useful, please help other people find it:
Share via:

Phelps, Matthew

2016-Oct-25 18:58 UTC

[CentOS] CVE-2016-5195 DirtyCOW : Critical Linux Kernel Flaw

On Tue, Oct 25, 2016 at 2:18 PM, <m.roth at 5-cent.us> wrote:
> My manager just told me that upstream has released a patched kernel for 7:
>
> CentOS package kernel-3.10.0-327.36.3.el7.x86_64.rpm
> see http://rhn.redhat.com/errata/RHSA-2016-2098.html
>
> I'm hoping Johnny can get us that, hopefully before the end of the
week.
>
>        mark
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos
>


That came out this morning:



Johnny Hughes <johnny at centos.org>
7:17 AM (7 hours ago)
to centos-announce



CentOS Errata and Security Advisory 2016:2098 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-2098.html

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

x86_64:
afb7e2a7c3a38185b99f092b70ec274888a5beb136a7e5077559cbd29b3f55d7
kernel-3.10.0-327.36.3.el7.x86_64.rpm
1b33324ee4de14c03dde2eefb91bdee83082dd4ced6c0b94f5ab3253690bce38
kernel-abi-whitelists-3.10.0-327.36.3.el7.noarch.rpm
000ccd89b45a28645202add878b5e37d9a482df68fd5cf12914611098724eea7
kernel-debug-3.10.0-327.36.3.el7.x86_64.rpm
430e59db8a03d01f25ff602e766b96b06157fb881db68ca0cb81f229ec2609d6
kernel-debug-devel-3.10.0-327.36.3.el7.x86_64.rpm
5522697d3b016509dd3744e714d61e5d177921d2a045588730c1cd41713ba2c1
kernel-devel-3.10.0-327.36.3.el7.x86_64.rpm
b3fb9f23b5a2427d90e286350b1e7ded8ce6c3c2c5f7e191ee15bb8a70c981aa
kernel-doc-3.10.0-327.36.3.el7.noarch.rpm
ad0006f10828ff8890c5599982c57a5ed75a9fdc9aab90e0c8cba6422eb766ea
kernel-headers-3.10.0-327.36.3.el7.x86_64.rpm
3639553b0daacf8b577a5576d732eadae1aeef30cf61ca15dd755e439b5a8578
kernel-tools-3.10.0-327.36.3.el7.x86_64.rpm
b66a1c39f21081605dc3f19afc73236b5cb23a1de8d1bd1b14718165663de7ac
kernel-tools-libs-3.10.0-327.36.3.el7.x86_64.rpm
97f1708f020dc0c19c9abead5cabdf813aa56ffdf6f8956811669019d74980d8
kernel-tools-libs-devel-3.10.0-327.36.3.el7.x86_64.rpm
6101abe377f9c3f96f9a0b32840ccde2d60835af96ffbb1c787841e0a98bb755
perf-3.10.0-327.36.3.el7.x86_64.rpm
cd55f641ed83faeb33d35a7915c78f85f58a237612ffebdfd5f41e652472ce7b
python-perf-3.10.0-327.36.3.el7.x86_64.rpm

Source:
fc7d9058db4d12308f80993c446175e0fd45e413ffafa7b9b2b0c38a432a4a3c
kernel-3.10.0-327.36.3.el7.src.rpm



-- 
Matt Phelps
System Administrator, Computation Facility
Harvard - Smithsonian Center for Astrophysics
mphelps at cfa.harvard.edu, http://www.cfa.harvard.edu

m.roth at 5-cent.us

2016-Oct-25 20:37 UTC

head link

[CentOS] CVE-2016-5195 DirtyCOW : Critical Linux Kernel Flaw

Phelps, Matthew wrote:> On Tue, Oct 25, 2016 at 2:18 PM, <m.roth at 5-cent.us> wrote:
>
>> My manager just told me that upstream has released a patched kernel for
>> 7:
>> CentOS package kernel-3.10.0-327.36.3.el7.x86_64.rpm
>> see http://rhn.redhat.com/errata/RHSA-2016-2098.html
>>
>> I'm hoping Johnny can get us that, hopefully before the end of the
week.
>>
> That came out this morning:
>Didn't see the announcement here, but I found it a bit after I posted.

Thank you, Johnny, and the whole team.

       mark

Johnny Hughes

2016-Oct-26 08:09 UTC

head link

[CentOS] CVE-2016-5195 DirtyCOW : Critical Linux Kernel Flaw

On 10/25/2016 03:37 PM, m.roth at 5-cent.us wrote:> Phelps, Matthew wrote:
>> On Tue, Oct 25, 2016 at 2:18 PM, <m.roth at 5-cent.us> wrote:
>>
>>> My manager just told me that upstream has released a patched kernel
for
>>> 7:
>>> CentOS package kernel-3.10.0-327.36.3.el7.x86_64.rpm
>>> see http://rhn.redhat.com/errata/RHSA-2016-2098.html
>>>
>>> I'm hoping Johnny can get us that, hopefully before the end of
the week.
>>>
>> That came out this morning:
>>
> Didn't see the announcement here, but I found it a bit after I posted.
> 
> Thank you, Johnny, and the whole team.
> 
You are welcome.

The CentOS-6 kernel with the CVE-2016-5195 is finished, passed our CI
suite tests, and is now pushed to our master mirror
(kernel-2.6.32-642.6.2.el6)

It should be installable from mirror.centos.org in an hour or so.
External mirrors should also be able to start syncing to get it in about
and hour as well.

Still no upstream EL5 release.  We will get that one released as soon as
we have the source code for it.

Thanks,
Johnny Hughes


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL:
<http://lists.centos.org/pipermail/centos/attachments/20161026/3aa3b2c8/attachment-0001.sig>

Possibly Parallel Threads

Search for more maybe matching threads

CentOS - Oct 2016 - CVE-2016-5195 DirtyCOW : Critical Linux Kernel Flaw

[CentOS] CVE-2016-5195 DirtyCOW : Critical Linux Kernel Flaw

[CentOS] CVE-2016-5195 DirtyCOW : Critical Linux Kernel Flaw

[CentOS] CVE-2016-5195 DirtyCOW : Critical Linux Kernel Flaw

Possibly Parallel Threads