VectorLinux

General Announcements => Security Advisories => Topic started by: M0E-lnx on October 31, 2016, 07:01:59 am

Title: Dirty COW exploit - All vector versions 7.2 and older affected. Fix inside
Post by: M0E-lnx on October 31, 2016, 07:01:59 am
News of this nasty old bug have recently came out.

https://dirtycow.ninja/
https://access.redhat.com/security/cve/CVE-2016-5195

There is plenty of documentation explaining it online.
This affects all vector builds.

We have updated the kernel packages for 7.1 and 7.2.  Users who have vector 7.1 or 7.2 can update their kernels to fix this vulnerability

Here are the links to the kernels packages that have been fixed.

Vector 7.1 32-bit
http://vlcore.vectorlinux.com/stable/veclinux-7.1/patches/kernels/kernel-3.18.44-x86-1vl71.txz
http://vlcore.vectorlinux.com/stable/veclinux-7.1/patches/kernels/kernel-modules-3.18.44-x86-1vl71.txz

Vector 7.1 64-bit
http://vlcore.vectorlinux.com/stable/VL64-7.1/patches/kernels/kernel-3.18.44-x86_64-1vl71.txz
http://vlcore.vectorlinux.com/stable/VL64-7.1/patches/kernels/kernel-modules-3.18.44-x86_64-1vl71.txz

Vector 7.2 32-bit
http://vlcore.vectorlinux.com/untested/veclinux-7.2/x86/kernel4.4-4.4.27-x86-1vl72.txz
http://vlcore.vectorlinux.com/untested/veclinux-7.2/x86/kernel4.4-modules-4.4.27-x86-1vl72.txz

Vector 7.2 64-bit
http://vlcore.vectorlinux.com/untested/veclinux-7.2/x86_64/kernel4.4-4.4.27-x86_64-1vl72.txz
http://vlcore.vectorlinux.com/untested/veclinux-7.2/x86_64/kernel4.4-modules-4.4.27-x86_64-1vl72.txz

Since 7.2 has not (yet) been declared final, all 7.2 builds moving forward will have the fixed kernels.

For those of you who have never upgraded a kernel package, here is a howto that may come in handy.
http://vlcoredocumentation.readthedocs.io/en/latest/manuals/kernel-upgrade.html


When posting questions about the upgrade process, please specify the following.

- Which bootloader you are using (LiLO or GRUB2)
- Post the output of "mount |grep ^/dev"