How to fix "Dirty COW" on CentOS 6.8(linux 2.6.32)?
-
- Posts: 2
- Joined: 2016/10/22 13:42:02
How to fix "Dirty COW" on CentOS 6.8(linux 2.6.32)?
Hi Team:
I am using centos6.8,the kernel version is 2.6.32-358.6.2.el6.x86_64.
I have test by the POC(https://github.com/dirtycow/dirtycow.gi ... /pokemon.c),it effect my linux:(
But i have not find an easy way to protect my linux in this weekend(i want to upgrade kernel in next week)
any help?
I am using centos6.8,the kernel version is 2.6.32-358.6.2.el6.x86_64.
I have test by the POC(https://github.com/dirtycow/dirtycow.gi ... /pokemon.c),it effect my linux:(
But i have not find an easy way to protect my linux in this weekend(i want to upgrade kernel in next week)
any help?
Re: How to fix "Dirty COW" on CentOS 6.8(linux 2.6.32)?
The fixes have not yet been released by Redhat. When they are then CentOS will rebuild them and make them available via the mirrors and yum.
If you're running 2.6.32-358.6.2.el6.x86_64. now then you are already massively backlevel and you have other security vulnerabilities to worry about. That's a 6.5 kernel and that's now nearly 3 years old. You should run yum update to get to the latest 6.8 plus whatever has been released in the last 4 months or so.
Redhat have a status page that you can use to track this issue. There is a link to the bugzilla entry for it too. https://access.redhat.com/security/cve/CVE-2016-5195
If you're running 2.6.32-358.6.2.el6.x86_64. now then you are already massively backlevel and you have other security vulnerabilities to worry about. That's a 6.5 kernel and that's now nearly 3 years old. You should run yum update to get to the latest 6.8 plus whatever has been released in the last 4 months or so.
Redhat have a status page that you can use to track this issue. There is a link to the bugzilla entry for it too. https://access.redhat.com/security/cve/CVE-2016-5195
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
-
- Posts: 2
- Joined: 2016/10/22 13:42:02
Re: How to fix "Dirty COW" on CentOS 6.8(linux 2.6.32)?
thank you so much, i have run yum update to upgrade my kernel,but it tell me this is the newest version:( can you help?TrevorH wrote:The fixes have not yet been released by Redhat. When they are then CentOS will rebuild them and make them available via the mirrors and yum.
If you're running 2.6.32-358.6.2.el6.x86_64. now then you are already massively backlevel and you have other security vulnerabilities to worry about. That's a 6.5 kernel and that's now nearly 3 years old. You should run yum update to get to the latest 6.8 plus whatever has been released in the last 4 months or so.
Redhat have a status page that you can use to track this issue. There is a link to the bugzilla entry for it too. https://access.redhat.com/security/cve/CVE-2016-5195
Re: How to fix "Dirty COW" on CentOS 6.8(linux 2.6.32)?
The fixes have not yet been released by Redhat. When they are then CentOS will rebuild them and make them available via the mirrors and yum.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: How to fix "Dirty COW" on CentOS 6.8(linux 2.6.32)?
Looks like updates have been released for RHEL7: https://rhn.redhat.com/errata/RHSA-2016-2098.html
Re: How to fix "Dirty COW" on CentOS 6.8(linux 2.6.32)?
Yes, and the update is currently being processed in the CentOS buildsystem. It may take a few hours before all the steps get done and the update reaches the mirrors. Note that this fixes only the CentOS 7 kernel, kernel updates to 5 and 6 haven't been released yet by Red Hat.mkosmoski wrote:Looks like updates have been released for RHEL7: https://rhn.redhat.com/errata/RHSA-2016-2098.html
-
- Posts: 6
- Joined: 2015/01/29 16:23:26
Re: How to fix "Dirty COW" on CentOS 6.8(linux 2.6.32)?
what issues do you run into by forcing the upgrade of your kernel from 2.6.32.643 to 3.10
i have tested this on a vm
rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
rpm -Uvh http://www.elrepo.org/elrepo-release-6- ... noarch.rpm
Install the kernel
yum --enablerepo=elrepo-kernel install kernel-lt
Seems to work when i rebooted and ran commands?
i have tested this on a vm
rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
rpm -Uvh http://www.elrepo.org/elrepo-release-6- ... noarch.rpm
Install the kernel
yum --enablerepo=elrepo-kernel install kernel-lt
Seems to work when i rebooted and ran commands?
Re: How to fix "Dirty COW" on CentOS 6.8(linux 2.6.32)?
The ELRepo kernels are advertised as "not for production use, use at your own risk" but that's probably just legalese. However they also have disadvantages - for example they do not adhere to the stable kernel ABI that the distro kernels use so it's not possible to also use the ELRepo kmod packages for hardware that is not supported.
I would not expect the el6 distro kernels to be a very long time before they arrive but I suspect that the patch for the older kernels is tricky to apply as that area of code is quite a lot different.
I would not expect the el6 distro kernels to be a very long time before they arrive but I suspect that the patch for the older kernels is tricky to apply as that area of code is quite a lot different.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: How to fix "Dirty COW" on CentOS 6.8(linux 2.6.32)?
The SRPM for kernel-2.6.32-642.6.2.el6 just appeared on the upstream ftp site. It'll need to be rebuilt for CentOS 6.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: How to fix "Dirty COW" on CentOS 6.8(linux 2.6.32)?
Will the CentOS 6.7 kernel get the fix?
RHEL released kernel-2.6.32-573.35.2: https://rhn.redhat.com/errata/RHSA-2016-2106.html
RHEL released kernel-2.6.32-573.35.2: https://rhn.redhat.com/errata/RHSA-2016-2106.html