CloudLinux - KernelCare Blog - CloudLinux Blog - Page 3

Issues caused by the latest KernelCare update

We’ve received reports that our latest patchset affected some CentOS/CloudLinux/OpenVZ 6 kernels. We immediately rolled back the patch, evaluated the issue, and identified the cause to prevent issues in future releases. Please accept our apologies and stand by for additional updates on the cause of the issue.

Igor Seletskiy

Security warning: major vulnerability found in Linux kernels that affects most kernels

A new major local privilege escalation vulnerability in the Linux kernel was disclosed today by Andrey Konovalov (see CVE-2017-6074). It is a memory corruption vulnerability in which the kernel frees the same memory location twice. The vulnerability can be exploited to escalate privileges and allows an unprivileged local user to gain root access to ...
Recent comments
Guest — Michael Denney
It would be fantastic if CloudLinux and KernelCare would have gotten notified when the major Linux distributions got notified so t...
23.02.2017 04:23
Igor Seletskiy
Yes, it would be. Yet, linux-distro list where such things are disclosed had been dysfunctional and doesn't accept any new members...
23.02.2017 13:06
Guest — Jim
It is VERY disappointing that CloudLinux alone (without KernelCare) still has no update, when plain CentOS is already patched and ...
23.02.2017 20:01

The KernelCare Update: The patch to fix CVE-2016-8655 exploit is here!

A new vulnerability, CVE-2016-8655, in the Linux kernel was discovered yesterday by Philip Pettersson. It is a race condition in Linux (net/packet/af_packet.c) that can be exploited to gain kernel code execution from unprivileged processes. This exploit may lead to privilege escalation, denial-of-service attacks (server crash) and informati...

New vulnerability discovered - the fix for CVE-2016-8655 for CloudLinux OS 7 is here with KernelCare

The patch for CloudLinux OS 7 is here if you are running KernelCare. A fixed CloudLinux OS 7 kernel is coming soon. CloudLinux OS 5 & 6 are not affected. A new vulnerability, CVE-2016-8655, in the Linux kernel was discovered by Philip Pettersson. It is a race condition in Linux (net/packet/af_packet.c) that can be exploited to gain kernel code exec...

Managing KernelCare with Puppet

By guest author Christian Reiß

If you haven’t felt it before: when Dirty Cow hit, you did. The Linux kernel is rock solid and proven, but it also has security issues. In this case: root rights for everyone! And on top of that, this bug is so trivially easy to exploit (several proof-of-concepts are out there that can easily be converted into a live, working gun...

How to fix Dirty COW without rebooting servers

The Dirty Cow exploit (CVE-2016-5195) is said to be the “Most serious” Linux privilege-escalation bug, ever. Within a few days of its discovery, various Linux distributions have released patches to fix it, but to apply those, you need to reboot servers. You either need to suffer downtime you haven’t planned for, or wait for the next maintenanc...
Latest comment on this post
Guest — juliuco nikelado
Thanks for your blog
27.10.2016 19:01

Nonprofits can now live patch kernels for free

In light of the recent Dirty Cow exploit, said by experts to be the “Most serious” Linux privilege-escalation bug ever, we’ve decided to push forward our prior plans to offer KernelCare for free for nonprofit organizations so that they can protect themselves from critical vulnerabilities including the Dirty Cow CVE-2016-5195. KernelCare provides ti...

Live patching for your custom kernel

Do you want to use KernelCare for rebootless kernel updates? But what if you are running an unsupported distribution? What if your kernel is custom, self-compiled, special, or just old? Look no further than KernelCare. It provides Custom Kernel Patching so that you can benefit from live patching service for your kernel. The experts on our security ...

KernelCare, Dirty Cow, systemtap and CentOS/RHEL/CL 5 - Important!!!

The systemtap scripts recommended by Red Hat (https://bugzilla.redhat.com/show_bug.cgi?id=1384344#c13) and many other people as a workaround against CVE-2016-5195 (a.k.a. Dirty Cow) might be ineffective against new variations of the attack like this one: https://github.com/dirtycow/dirtycow.github.io/blob/master/pokemon.c [correction Oct 22, 7:04am: this ...

Running InfiniBand hardware? Your servers might be vulnerable.

Recently a flaw was found in Linux kernel 2.6.32 that allows local users to escalate their privileges for servers with InfiniBand.  If your servers have InfiniBand and you are running CentOS/RedHat/CloudLinux 6, Virtuozzo/OpenVZ, Proxmox 2.x WITHOUT KernelCare, you are vulnerable. We recommend you update and reboot your kernels to resolve...