When will the stemcells with the fix for Dirty COW CVE-2016-5195 be available
Bruce Bryan
Would like to know when the stemcells that have a fix in for the Dirty COW CVE-2016-5195 https://dirtycow.ninja/ will be made available?
Dirty COW (CVE-2016-5195) is a privilege escalation vulnerability in the Linux Kernel
Bruce Bryan
The current stemcell we are using is bosh-openstack-kvm-centos-7-go_agent 3262.8. The kernel is 3.10.0-327.28.2.el7.x86_64 which is vulnerable.
I uploaded the latest stemcell: bosh-openstack-kvm-centos-7-go_agent 3263.8 version to test-full-bosh. The kernel version being used is still vulnerable, please see below:
Your kernel is 3.10.0-327.36.2.el7.x86_64 which IS vulnerable.
Red Hat recommends that you update your kernel. Alternatively, you can apply partial
mitigation described at https://access.redhat.com/security/vulnerabilities/2706661 .
Dmitriy Kalinin
Unfortunately CentOS packaging sites don't make it easy to track CVE
updates (at least by our observations) compared to Ubuntu's USN feed. We
are in the process of bumping the stemcell to the latest CentOS kernel, which
we think includes the fix. (A few tests are failing, so we are looking into
them; hence we haven't published the stemcell earlier in the day.)
On Tue, Nov 1, 2016 at 5:43 AM, Bruce Bryan <brbrya(a)gmail.com> wrote:
The current stemcell we are using is bosh-openstack-kvm-centos-7-go_agent
3262.8. The kernel is 3.10.0-327.28.2.el7.x86_64 which is vulnerable.
I uploaded the latest stemcell: bosh-openstack-kvm-centos-7-go_agent
3263.8 version to test-full-bosh. The kernel version being used is still
vulnerable, please see below:
Your kernel is 3.10.0-327.36.2.el7.x86_64 which IS vulnerable.
Red Hat recommends that you update your kernel. Alternatively, you can apply partial
mitigation described at https://access.redhat.com/security/vulnerabilities/2706661 .