Kernel Update For CENTOS5 Againts Dirty COW

Support for security such as Firewalls and securing linux
Hirbodco
Posts: 1
Joined: 2016/10/27 13:04:24

Kernel Update For CENTOS5 Againts Dirty COW

Postby Hirbodco » 2016/10/27 13:11:17

Hello,

I Updated My Kernel Server ( CENTOS 5 ) To : 2.6.18-412.el5.centos.plus ( Latest Kernel via yum -y kernel update )

then i wget https://access.redhat.com/sites/default ... -5195_1.sh and run : bash rh-cve-2016-5195_1.sh

This Text Appear :

Your kernel is 2.6.18-412.el5.centos.plus which IS vulnerable.
Red Hat recommends that you update your kernel. Alternatively, you can apply partial
mitigation described at https://access.redhat.com/security/vuln ... es/2706661 .

how i shoud update kernel to fix Dirty COW BUG ?

Best Regards,

User avatar
TrevorH
Forum Moderator
Posts: 21174
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Kernel Update For CENTOS5 Againts Dirty COW

Postby TrevorH » 2016/10/27 13:18:48

There are no patches yet for RHEL5/CentOS 5. The status page says that there will be fixed versions but they have not yet been released by RH. You can apply the systemtap mitigation as described in that article or you can just wait until the newer kernels come out.
CentOS 5 died in March 2017 - migrate NOW!
Full time Geek, part time moderator. Use the FAQ Luke

User avatar
avij
Forum Moderator
Posts: 2176
Joined: 2010/12/01 19:25:52
Location: Helsinki, Finland
Contact:

Re: Kernel Update For CENTOS5 Againts Dirty COW

Postby avij » 2016/10/28 20:56:02

An update (2.6.18-416) was released today, so you should get it the next time you run yum update.

alok
Posts: 1
Joined: 2017/10/24 05:01:15

Re: Kernel Update For CENTOS5 Againts Dirty COW

Postby alok » 2017/10/24 05:52:19

Hi,

Would anyone help me to get the Centos 5.4 & 5.10 32 bit kernel rpm to fix this issue? Thanks !!

User avatar
TrevorH
Forum Moderator
Posts: 21174
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Kernel Update For CENTOS5 Againts Dirty COW

Postby TrevorH » 2017/10/24 10:15:49

Both 5.4 and 5.10 are old and exploitable. The latest and last CentOS 5 version was 5.11 but it is now completely EOL and there will be no more updates for it, ever. You should be making plans to move to a supported version ASAP. CentOS 5.4 is so old that it's positively dangerous and needs updating ASAP.

All CentOS 5 content has been removed from the mirrors and moved to vault.centos.org. You can edit your /etc/yum.repos.d/CentOS-Base.repo file and comment the mirrorlist= line and adjust the baseurl= parameter to point to the 5.11 directory on the vault to get as far up to date as is possible (gets you to March 2017). There have been several high severity vulnerabilities fixed in CentOS 6 and 7 since CentOS 5 went EOL so you will still not be up to date but it's as good as you can get for the moment. Once that's done, you need to start your migration to a supported version. I'd recommend skipping CentOS 6 entirely as that has already gone into "production phase 3" upstream at Redhat which means that only critical severity security issues will be patched. It goes EOL in 2020.
CentOS 5 died in March 2017 - migrate NOW!
Full time Geek, part time moderator. Use the FAQ Luke