Kernel Update For CENTOS5 Againts Dirty COW

Support for security such as Firewalls and securing linux
Post Reply
Hirbodco
Posts: 1
Joined: 2016/10/27 13:04:24

Kernel Update For CENTOS5 Againts Dirty COW

Post by Hirbodco » 2016/10/27 13:11:17

Hello,

I Updated My Kernel Server ( CENTOS 5 ) To : 2.6.18-412.el5.centos.plus ( Latest Kernel via yum -y kernel update )

then i wget https://access.redhat.com/sites/default ... -5195_1.sh and run : bash rh-cve-2016-5195_1.sh

This Text Appear :

Your kernel is 2.6.18-412.el5.centos.plus which IS vulnerable.
Red Hat recommends that you update your kernel. Alternatively, you can apply partial
mitigation described at https://access.redhat.com/security/vuln ... es/2706661 .

how i shoud update kernel to fix Dirty COW BUG ?

Best Regards,

User avatar
TrevorH
Site Admin
Posts: 33191
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Kernel Update For CENTOS5 Againts Dirty COW

Post by TrevorH » 2016/10/27 13:18:48

There are no patches yet for RHEL5/CentOS 5. The status page says that there will be fixed versions but they have not yet been released by RH. You can apply the systemtap mitigation as described in that article or you can just wait until the newer kernels come out.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

User avatar
avij
Retired Moderator
Posts: 3046
Joined: 2010/12/01 19:25:52
Location: Helsinki, Finland
Contact:

Re: Kernel Update For CENTOS5 Againts Dirty COW

Post by avij » 2016/10/28 20:56:02

An update (2.6.18-416) was released today, so you should get it the next time you run yum update.

alok
Posts: 1
Joined: 2017/10/24 05:01:15

Re: Kernel Update For CENTOS5 Againts Dirty COW

Post by alok » 2017/10/24 05:52:19

Hi,

Would anyone help me to get the Centos 5.4 & 5.10 32 bit kernel rpm to fix this issue? Thanks !!

User avatar
TrevorH
Site Admin
Posts: 33191
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Kernel Update For CENTOS5 Againts Dirty COW

Post by TrevorH » 2017/10/24 10:15:49

Both 5.4 and 5.10 are old and exploitable. The latest and last CentOS 5 version was 5.11 but it is now completely EOL and there will be no more updates for it, ever. You should be making plans to move to a supported version ASAP. CentOS 5.4 is so old that it's positively dangerous and needs updating ASAP.

All CentOS 5 content has been removed from the mirrors and moved to vault.centos.org. You can edit your /etc/yum.repos.d/CentOS-Base.repo file and comment the mirrorlist= line and adjust the baseurl= parameter to point to the 5.11 directory on the vault to get as far up to date as is possible (gets you to March 2017). There have been several high severity vulnerabilities fixed in CentOS 6 and 7 since CentOS 5 went EOL so you will still not be up to date but it's as good as you can get for the moment. Once that's done, you need to start your migration to a supported version. I'd recommend skipping CentOS 6 entirely as that has already gone into "production phase 3" upstream at Redhat which means that only critical severity security issues will be patched. It goes EOL in 2020.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

Post Reply