search for: dirtycow

...to do it? Thanks, your help is very much appreciated. ----- Original Message ----- From: "Richard" <lists-centos at listmail.innovate.net> To: "CentOS mailing list" <centos at centos.org> Sent: Tuesday, November 1, 2016 5:05:59 PM Subject: Re: [CentOS] CVE-2016-5195 DirtyCOW: Critical Linux Kernel Flaw > Date: Tuesday, November 01, 2016 18:49:56 -0500 > From: Valeri Galtsev <galtsev at kicp.uchicago.edu> > > On Tue, November 1, 2016 6:25 pm, Tony Mountifield wrote: >> In article <5818CD31.4050008 at moving-picture.com>, >> James Pea...

Dear All, I guess, we all have to urgently apply workaround, following, say, this: https://gryzli.info/2016/10/21/protect-cve-2016-5195-dirtycow-centos-7rhel7cpanelcloudlinux/ At least those of us who still have important multi user machines running Linux. (Yes, me too, I do have a couple, thank goodness, the rest are already not ;-) Have a productive weekend, everybody. Valeri ++++++++++++++++++++++++++++++++++++++++ Valeri Galtsev Sr...

On Sat, October 22, 2016 7:49 pm, Valeri Galtsev wrote: > Dear All, > > I guess, we all have to urgently apply workaround, following, say, this: > > https://gryzli.info/2016/10/21/protect-cve-2016-5195-dirtycow-centos-7rhel7cpanelcloudlinux/ > > At least those of us who still have important multi user machines running > Linux. I should have said CentOS 7. Older ones (CentOS 6 and 5) are not vulnerable. > (Yes, me too, I do have a couple, thank goodness, the rest are > already not ;-) Luc...

...Galtsev wrote: > >> On Sat, October 22, 2016 7:49 pm, Valeri Galtsev wrote: >>> Dear All, >>> >>> I guess, we all have to urgently apply workaround, following, say, >>> this: >>> >>> https://gryzli.info/2016/10/21/protect-cve-2016-5195-dirtycow-centos-7rhel7cpanelcloudlinux/ >>> >>> >>> At least those of us who still have important multi user machines >>> running >>> Linux. >> >> I should have said CentOS 7. Older ones (CentOS 6 and 5) are not >> vulnerable. > > Patch...

On 10/22/2016 07:49 PM, Valeri Galtsev wrote: > Dear All, > > I guess, we all have to urgently apply workaround, following, say, this: > > https://gryzli.info/2016/10/21/protect-cve-2016-5195-dirtycow-centos-7rhel7cpanelcloudlinux/ > > At least those of us who still have important multi user machines running > Linux. (Yes, me too, I do have a couple, thank goodness, the rest are > already not ;-) > > Have a productive weekend, everybody. > > Valeri > And to close...

On 02/11/16 13:05, Richard wrote: > RHEL/Centos-4 is EOL so wouldn't be updated regardless (at least > under the normal EOL guidelines), but it is mentioned toward the > bottom of that page under "Affected Packages State": > > Red Hat Enterprise Linux 4 kernel Not affected It is mentioned because RHEL4 is in extended life phase, so not EOL yet. CentOS 4 is EOL

...f the system. Thanks in advance for your help. Regards, CHRIS ----- Original Message ----- From: "Peter" <peter at pajamian.dhs.org> To: "CentOS mailing list" <centos at centos.org> Sent: Wednesday, November 2, 2016 12:52:03 PM Subject: Re: [CentOS] CVE-2016-5195 DirtyCOW: Critical Linux Kernel Flaw On 02/11/16 13:05, Richard wrote: > RHEL/Centos-4 is EOL so wouldn't be updated regardless (at least > under the normal EOL guidelines), but it is mentioned toward the > bottom of that page under "Affected Packages State": > > Red Hat Ent...

On Sat, 22 Oct 2016, Valeri Galtsev wrote: > On Sat, October 22, 2016 7:49 pm, Valeri Galtsev wrote: >> Dear All, >> >> I guess, we all have to urgently apply workaround, following, say, this: >> >> https://gryzli.info/2016/10/21/protect-cve-2016-5195-dirtycow-centos-7rhel7cpanelcloudlinux/ >> >> At least those of us who still have important multi user machines running >> Linux. > > I should have said CentOS 7. Older ones (CentOS 6 and 5) are not vulnerable. Patch is out on RHEL side: https://rhn.redhat.com/errata/RHSA-2016-2098...

On Tue, November 1, 2016 6:25 pm, Tony Mountifield wrote: > In article <5818CD31.4050008 at moving-picture.com>, > James Pearson <james-p at moving-picture.com> wrote: >> Leonardo Oliveira Ortiz wrote: >> > RedHat and Centos 4.x can be explored by this flaw? >> >> See: >> >> https://access.redhat.com/security/cve/cve-2016-5195 > > In

On Sat Oct 22 08:20:24 PM, Valeri Galtsev wrote: > I should have said CentOS 7. Older ones (CentOS 6 and 5) are not vulnerable. https://bugzilla.redhat.com/show_bug.cgi?id=1384344 Comment #35 points to a link that doesn't depend on /proc/self/mem and claims to work on CentOS 6 and 5. I'm not quite sure what I should be looking for when I run the program, though. I do hope Redhat

On Tue, 25 Oct 2016 08:29:33 -0400 "Phelps, Matthew" <mphelps at cfa.harvard.edu> wrote: > On Tue, Oct 25, 2016 at 4:06 AM, Christian Anthon <anthon at rth.dk> > wrote: > > > What is the best approach on centos 6 to mitigate the problem is > > officially patched? As far as I can tell Centos 6 is vulnerable to > > attacks using ptrace. > >

My manager just told me that upstream has released a patched kernel for 7: CentOS package kernel-3.10.0-327.36.3.el7.x86_64.rpm see http://rhn.redhat.com/errata/RHSA-2016-2098.html I'm hoping Johnny can get us that, hopefully before the end of the week. mark

Am 25.10.2016 um 15:39 schrieb Peter Kjellstr?m <cap at nsc.liu.se>: > On Tue, 25 Oct 2016 10:06:12 +0200 > Christian Anthon <anthon at rth.dk> wrote: > >> What is the best approach on centos 6 to mitigate the problem is >> officially patched? As far as I can tell Centos 6 is vulnerable to >> attacks using ptrace. > > I can confirm that c6 is

Phelps, Matthew wrote: > On Tue, Oct 25, 2016 at 2:18 PM, <m.roth at 5-cent.us> wrote: > >> My manager just told me that upstream has released a patched kernel for >> 7: >> CentOS package kernel-3.10.0-327.36.3.el7.x86_64.rpm >> see http://rhn.redhat.com/errata/RHSA-2016-2098.html >> >> I'm hoping Johnny can get us that, hopefully before the end

On Tue, 25 Oct 2016 17:21:54 -0700 Akemi Yagi <amyagi at gmail.com> wrote: > On Tue, Oct 25, 2016 at 10:26 AM, Leon Fauster > <leonfauster at googlemail.com> wrote: > > Am 25.10.2016 um 15:39 schrieb Peter Kjellstr?m <cap at nsc.liu.se>: > >> On Tue, 25 Oct 2016 10:06:12 +0200 > >> Christian Anthon <anthon at rth.dk> wrote: > >>

Leonardo Oliveira Ortiz wrote: > RedHat and Centos 4.x can be explored by this flaw? See: https://access.redhat.com/security/cve/cve-2016-5195 James Pearson

In article <5818CD31.4050008 at moving-picture.com>, James Pearson <james-p at moving-picture.com> wrote: > Leonardo Oliveira Ortiz wrote: > > RedHat and Centos 4.x can be explored by this flaw? > > See: > > https://access.redhat.com/security/cve/cve-2016-5195 In other words, no: RHEL 4 and CentOS4 are not affected by this flaw. Tony -- Tony Mountifield

> Date: Tuesday, November 01, 2016 18:49:56 -0500 > From: Valeri Galtsev <galtsev at kicp.uchicago.edu> > > On Tue, November 1, 2016 6:25 pm, Tony Mountifield wrote: >> In article <5818CD31.4050008 at moving-picture.com>, >> James Pearson <james-p at moving-picture.com> wrote: >>> Leonardo Oliveira Ortiz wrote: >>> > RedHat and Centos

On Tue, Oct 25, 2016 at 2:18 PM, <m.roth at 5-cent.us> wrote: > My manager just told me that upstream has released a patched kernel for 7: > > CentOS package kernel-3.10.0-327.36.3.el7.x86_64.rpm > see http://rhn.redhat.com/errata/RHSA-2016-2098.html > > I'm hoping Johnny can get us that, hopefully before the end of the week. > > mark > >

On 10/26/2016 05:56 AM, Peter Kjellstr?m wrote: > On Tue, 25 Oct 2016 17:21:54 -0700 > Akemi Yagi <amyagi at gmail.com> wrote: > >> On Tue, Oct 25, 2016 at 10:26 AM, Leon Fauster >> <leonfauster at googlemail.com> wrote: >>> Am 25.10.2016 um 15:39 schrieb Peter Kjellstr?m <cap at nsc.liu.se>: >>>> On Tue, 25 Oct 2016 10:06:12 +0200