Linux Kernel security update issue.
Posted: Wed Oct 26, 2016 6:39 pm
There is an Kernel vulnerability update released for linux servers and we can fix the issue by updating the Linux kernel to the latest version.
In order to check the vulnerability on the server please use the below mentioned steps to run the script,
Check Vulnerability
Ubuntu/Debian
To find out if the server is affected, check the kernel version.
$ sudo uname -rv
We can see the output like this:
Output
4.4.0-42-generic #62-Ubuntu SMP Fri Oct 7 23:11:45 UTC 2016
CentOS
Some versions of CentOS can use this script provided by RedHat for RHEL to test the server's vulnerability. To try it, first download the script.
wget https://access.redhat.com/sites/default ... -5195_1.sh
Then run it with bash.
bash rh-cve-2016-5195_1.sh
If it is vulnerable, we can see an output like this:
Output
Your kernel is 3.10.0-327.36.1.el7.x86_64 which IS vulnerable.
Red Hat recommends that you update your kernel. Alternatively, you can apply partial
mitigation described at https://access.redhat.com/security/vuln ... es/2706661 .
We can use the following commands to update your Debian/Ubuntu/Centos and RHEL systems,and also we need to reboot after updating it.
Debian/Ubuntu:
$ sudo apt-get update && sudo apt-get upgrade && sudo apt-get dist-upgrade
RHEL:
$ sudo yum update
$ sudo reboot
CentOS
To update the kernel on CentOS 7, run:
- sudo yum update
There is still no official update of the CentOS 5 and 6 kernel.we're still waiting on a fix for CentOS 5 and 6.
For reference - https://bugzilla.redhat.com/show_bug.cgi?id=1384344#c13
In order to check the vulnerability on the server please use the below mentioned steps to run the script,
Check Vulnerability
Ubuntu/Debian
To find out if the server is affected, check the kernel version.
$ sudo uname -rv
We can see the output like this:
Output
4.4.0-42-generic #62-Ubuntu SMP Fri Oct 7 23:11:45 UTC 2016
CentOS
Some versions of CentOS can use this script provided by RedHat for RHEL to test the server's vulnerability. To try it, first download the script.
wget https://access.redhat.com/sites/default ... -5195_1.sh
Then run it with bash.
bash rh-cve-2016-5195_1.sh
If it is vulnerable, we can see an output like this:
Output
Your kernel is 3.10.0-327.36.1.el7.x86_64 which IS vulnerable.
Red Hat recommends that you update your kernel. Alternatively, you can apply partial
mitigation described at https://access.redhat.com/security/vuln ... es/2706661 .
We can use the following commands to update your Debian/Ubuntu/Centos and RHEL systems,and also we need to reboot after updating it.
Debian/Ubuntu:
$ sudo apt-get update && sudo apt-get upgrade && sudo apt-get dist-upgrade
RHEL:
$ sudo yum update
$ sudo reboot
CentOS
To update the kernel on CentOS 7, run:
- sudo yum update
There is still no official update of the CentOS 5 and 6 kernel.we're still waiting on a fix for CentOS 5 and 6.
For reference - https://bugzilla.redhat.com/show_bug.cgi?id=1384344#c13