Valeri Galtsev
2016-Oct-23 00:49 UTC
[CentOS] CVE-2016-5195 DirtyCOW: Critical Linux Kernel Flaw
Dear All, I guess, we all have to urgently apply workaround, following, say, this: https://gryzli.info/2016/10/21/protect-cve-2016-5195-dirtycow-centos-7rhel7cpanelcloudlinux/ At least those of us who still have important multi user machines running Linux. (Yes, me too, I do have a couple, thank goodness, the rest are already not ;-) Have a productive weekend, everybody. Valeri ++++++++++++++++++++++++++++++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
2016-Oct-23 01:20 UTC
[CentOS] CVE-2016-5195 DirtyCOW: Critical Linux Kernel Flaw
On Sat, October 22, 2016 7:49 pm, Valeri Galtsev wrote:> Dear All, > > I guess, we all have to urgently apply workaround, following, say, this: > > https://gryzli.info/2016/10/21/protect-cve-2016-5195-dirtycow-centos-7rhel7cpanelcloudlinux/ > > At least those of us who still have important multi user machines running > Linux.I should have said CentOS 7. Older ones (CentOS 6 and 5) are not vulnerable.> (Yes, me too, I do have a couple, thank goodness, the rest are > already not ;-)Luckily, no multi-user CentOS 7 machines here, only single user workstations. Good luck, everybody! Valeri PS Sorry about a bit premature first message: I realize not that I was in the same state of mind as back then when there was remote root SSH vulnerability. It was long ago, but some may still remember that...> > Have a productive weekend, everybody. > > Valeri > > ++++++++++++++++++++++++++++++++++++++++ > Valeri Galtsev > Sr System Administrator > Department of Astronomy and Astrophysics > Kavli Institute for Cosmological Physics > University of Chicago > Phone: 773-702-4247 > ++++++++++++++++++++++++++++++++++++++++ > _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centos >++++++++++++++++++++++++++++++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ++++++++++++++++++++++++++++++++++++++++
On Sat Oct 22 08:20:24 PM, Valeri Galtsev wrote:> I should have said CentOS 7. Older ones (CentOS 6 and 5) are not vulnerable.https://bugzilla.redhat.com/show_bug.cgi?id=1384344 Comment #35 points to a link that doesn't depend on /proc/self/mem and claims to work on CentOS 6 and 5. I'm not quite sure what I should be looking for when I run the program, though. I do hope Redhat releases patches soon. Cheers, Zube
Johnny Hughes
2016-Oct-23 12:28 UTC
[CentOS] CVE-2016-5195 “DirtyCOW”: Critical Linux Kernel Flaw
On 10/22/2016 07:49 PM, Valeri Galtsev wrote:> Dear All, > > I guess, we all have to urgently apply workaround, following, say, this: > > https://gryzli.info/2016/10/21/protect-cve-2016-5195-dirtycow-centos-7rhel7cpanelcloudlinux/ > > At least those of us who still have important multi user machines running > Linux. (Yes, me too, I do have a couple, thank goodness, the rest are > already not ;-) > > Have a productive weekend, everybody. > > ValeriWe are waiting for the official RHEL source code for this issue for the base kernel, and I do not recommend everybody out there use our experimental 4.4.x kernel for x86_64, BUT with that said I did release a kernel on Friday that has the fix for CVE-2016-5195. It is kernel-4.4.26-201.el7.centos.x86_64.rpm, and it lives here: http://mirror.centos.org/altarch/7/experimental/x86_64/ I don't recommend using this in production without lots of testing first, and it requires a new linux-firmware, xfsprogs, supermin5. It also does not support secure boot. I am using it on several (currently 6) machines and we created it for newer IoT type boards and compute sticks, etc. I have it running on 3 laptops and 3 KVM servers without any issues .. but that is a very small subset of tested configurations. Thanks, Johnny Hughes -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: OpenPGP digital signature URL: <http://lists.centos.org/pipermail/centos/attachments/20161023/f7068b78/attachment-0001.sig>
Gilbert Sebenste
2016-Oct-24 16:29 UTC
[CentOS] CVE-2016-5195 DirtyCOW: Critical Linux Kernel Flaw
On Sat, 22 Oct 2016, Valeri Galtsev wrote:> On Sat, October 22, 2016 7:49 pm, Valeri Galtsev wrote: >> Dear All, >> >> I guess, we all have to urgently apply workaround, following, say, this: >> >> https://gryzli.info/2016/10/21/protect-cve-2016-5195-dirtycow-centos-7rhel7cpanelcloudlinux/ >> >> At least those of us who still have important multi user machines running >> Linux. > > I should have said CentOS 7. Older ones (CentOS 6 and 5) are not vulnerable.Patch is out on RHEL side: https://rhn.redhat.com/errata/RHSA-2016-2098.html ******************************************************************************* Gilbert Sebenste ******** (My opinions only!) ****** *******************************************************************************
Johnny Hughes
2016-Oct-28 14:43 UTC
[CentOS] CVE-2016-5195 “DirtyCOW”: Critical Linux Kernel Flaw
On 10/22/2016 07:49 PM, Valeri Galtsev wrote:> Dear All, > > I guess, we all have to urgently apply workaround, following, say, this: > > https://gryzli.info/2016/10/21/protect-cve-2016-5195-dirtycow-centos-7rhel7cpanelcloudlinux/ > > At least those of us who still have important multi user machines running > Linux. (Yes, me too, I do have a couple, thank goodness, the rest are > already not ;-) > > Have a productive weekend, everybody. > > Valeri >And to close the book on this CVE, I just pushed the CentOS-5.11 kernel to fix this issue as well: kernel-2.6.18-416.el5 So, the only thing we still have to release is a fixed kernel for the aarch64 AltArch SIG. And we are building a test kernel for that right now. ppc64le, ppc64, i686, arm32 for CentOS-7 .. and all released arches for CentOS-5 and CentOS-6 ... now all have updates released. Thanks, Johnny Hughes -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: OpenPGP digital signature URL: <http://lists.centos.org/pipermail/centos/attachments/20161028/e8d7b180/attachment-0001.sig>
Valeri Galtsev
2016-Oct-28 14:50 UTC
[CentOS] CVE-2016-5195 âDirtyCOWâ: Critical Linux Kernel Flaw
On Fri, October 28, 2016 9:43 am, Johnny Hughes wrote:> On 10/22/2016 07:49 PM, Valeri Galtsev wrote: >> Dear All, >> >> I guess, we all have to urgently apply workaround, following, say, this: >> >> https://gryzli.info/2016/10/21/protect-cve-2016-5195-dirtycow-centos-7rhel7cpanelcloudlinux/ >> >> At least those of us who still have important multi user machines >> running >> Linux. (Yes, me too, I do have a couple, thank goodness, the rest are >> already not ;-) >> >> Have a productive weekend, everybody. >> >> Valeri >> > > And to close the book on this CVE, I just pushed the CentOS-5.11 kernel > to fix this issue as well: > > kernel-2.6.18-416.el5Johnny, thanks a lot!! (even though on my most ancient venerable couple of boxes still running CentOS 5 users can not execute anything of their own, so the boxes are immune to hack from inside, is still gives one great feeling to have kernel patched). Thanks again for the great job you, guys are doing! Valeri> > So, the only thing we still have to release is a fixed kernel for the > aarch64 AltArch SIG. And we are building a test kernel for that right > now. > > ppc64le, ppc64, i686, arm32 for CentOS-7 .. and all released arches for > CentOS-5 and CentOS-6 ... now all have updates released. > > Thanks, > Johnny Hughes > > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centos >++++++++++++++++++++++++++++++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ++++++++++++++++++++++++++++++++++++++++
Apparently Analagous Threads
- CVE-2016-5195 DirtyCOW: Critical Linux Kernel Flaw
- RES: CVE-2016-5195 “DirtyCOWâ€: Critical Linux Kernel Flaw
- CVE-2016-5195 âDirtyCOWâ: Critical Linux Kernel Flaw
- CVE-2016-5195 DirtyCOW: Critical Linux Kernel Flaw
- CVE-2016-5195 DirtyCOW: Critical Linux Kernel Flaw