CloudLinux - CloudLinux Blog - Security warning: major vulnerability found in Linux kernels that affects most kernels
Blog

By accepting you will be accessing a service provided by a third-party external to https://www.cloudlinux.com/

Security warning: major vulnerability found in Linux kernels that affects most kernels

Security warning: major vulnerability found in Linux kernels that affects most kernels

A new major local privilege escalation vulnerability in the Linux kernel was disclosed today by Andrey Konovalov (see CVE-2017-6074). It is a memory corruption vulnerability where the same memory location is freed by kernel twice. The vulnerability can be exploited to escalate privileges and allows an unprivileged local user to gain root access to the server.

This vulnerability affects most kernels! 

The KernelCare team, as always, is urgently working on releasing patches, with some distributions being promptly covered by the end of today (Wednesday, February 22nd, 2017), and most by tomorrow (see release schedule below). Major Linux distributions are working on releasing kernel updates with a fix as well. RedHat and Debian already released updated kernels - however, they will require you to reboot servers. But if you run KernelCare, you can livepatch your servers and protect yourself from critical vulnerabilities, including this one, WITHOUT any downtime.

When you install KernelCare, whether a paid or a trial version, it will bring your kernels up-to-date with all patches instantly. It installs with a single line of code in just minutes, without a reboot, and it will ensure you never miss another kernel security patch as they will be automatically installed to your live kernel going forward.

If you’d like to update your kernels as soon as the fix is released, you can get KernelCare for free for 30 days now, or purchase licenses here (from $2.25 per server/mo). 

To learn more about KernelCare, visit this page

 

Timeline for patch releases for KernelCare:

  • Ubuntu 16.04 - Feb 24, 2017
  • Ubuntu 14.04 - Feb 24, 2017
  • RHEL 7 - Feb 22, 2017
  • RHEL 6 - Feb 22, 2017
  • RHEL 5 - Feb 25, 2017
  • CentOS 7 - Feb 22, 2017
  • CentOS 6 - Feb 22, 2017
  • CentOS 5 - Feb 25, 2017
  • CloudLinux OS 7 -  Feb 22, 2017
  • CloudLinux OS 6 -  Feb 22, 2017
  • CloudLinux OS 5 - Feb 25, 2017
  • CentOS 6 Plus -  Feb 22, 2017
  • CentOS 7 Plus -  Feb 22, 2017
  • CentOS 6 Alt -  Feb 22, 2017
  • CentOS 7 Alt -  Feb 22, 2017
  • Debian 7 & 8 - Feb 24, 2017
  • Virutozzo/OpenVZ 2.6 -  Feb 22, 2017
  • Proxmox 3.10 -  Feb 22, 2017
  • Proxmox 4.2/4.4 - Feb 24, 2017

If you have KernelCare, it will bring your kernels up-to-date with these patches automatically, without a reboot. KernelCare supports most popular Linux distributions

New CloudLinux 6 kernel 2.6.32-673.26.1.lve1.4.22....
LVE Manager’s new UI is now in beta!
 

Комментарии 12

It would be Fantastic if CloudLinux and KernelCare would have gotten notified when the major Linux distributions got notified so that patches could have been put in place more quickly.

It would be Fantastic if CloudLinux and KernelCare would have gotten notified when the major Linux distributions got notified so that patches could have been put in place more quickly.

yes, it would be. Yet, linux-distro list where such things are disclosed had been dysfunctional and doesn't accept any new members for the last 3-4 years. It is pretty sad situation.

yes, it would be. Yet, linux-distro list where such things are disclosed had been dysfunctional and doesn't accept any new members for the last 3-4 years. It is pretty sad situation.

It is VERY disappointing that CloudLinux alone (without KernelCare) still has no update, when plain Centos is already patched and updated.

It is VERY disappointing that CloudLinux alone (without KernelCare) still has no update, when plain Centos is already patched and updated.

It takes much longer to prepare & test the fix for the full kernel.

It takes much longer to prepare & test the fix for the full kernel.

why there is no other posts online about this vulnerability ? and why I came here from a facebook promoted post?

why there is no other posts online about this vulnerability ? and why I came here from a facebook promoted post?

1. Here you can find the announcement about the vulnerability found - http://seclists.org/oss-sec/2017/q1/471 2. Because you have clicked on our post.

1. Here you can find the announcement about the vulnerability found - http://seclists.org/oss-sec/2017/q1/471 2. Because you have clicked on our post.

It takes much longer to prepare & test the fix for the full kernel.

It takes much longer to prepare & test the fix for the full kernel.

IS the fix out there for centos 6.8 ?

IS the fix out there for centos 6.8 ?

Fix out is available for ALL supported distros, but kernelcare-2.10-* is required to apply it.

Fix out is available for ALL supported distros, but kernelcare-2.10-* is required to apply it.

This is click-bait SPAM. Don't fall for this crap. Look at the kernel they are talking about patching. This is a scam to get you to subscribe to something you don't need to. If you have a production environment you would never allow a 'service' to automatically update the kernel in your environment for obvious reasons; doing so would likely take down your production environment.

This is click-bait [b]SPAM[/b]. Don't fall for this crap. Look at the kernel they are talking about patching. This is a scam to get you to subscribe to something you don't need to. If you have a production environment you would never allow a 'service' to automatically update the kernel in your environment for obvious reasons; doing so would likely take down your production environment.

Gary,

I think you are out of date. First of all, this is now needed, as there are published exploits in the wild:
https://github.com/xairy/kernel-exploits/tree/master/CVE-2017-6074

Second, of all -- we have thousands of customers using it, without "taking down production environment". We are not even the first to do it.
ksplice.com were the first company to offer this service.
Right now livepatch is in mainline kernel, and there are plenty of info on the topic all over the internet: https://en.wikipedia.org/wiki/Patch_(computing)#HOT-PATCHING

Gary, I think you are out of date. First of all, this is now needed, as there are published exploits in the wild: https://github.com/xairy/kernel-exploits/tree/master/CVE-2017-6074 Second, of all -- we have thousands of customers using it, without "taking down production environment". We are not even the first to do it. ksplice.com were the first company to offer this service. Right now livepatch is in mainline kernel, and there are plenty of info on the topic all over the internet: https://en.wikipedia.org/wiki/Patch_(computing)#HOT-PATCHING
The exploit is in the wild: https://github.com/xairy/kernel-exploits/tree/master/CVE-2017-6074
Уже зарегистрированны? Войти на сайт
Guest
09.08.2020

Изображение капчи