[BlueOnyx:20182] Re: New kernel?
Michael Stauber
mstauber at blueonyx.it
Sat Oct 22 12:01:49 -05 2016
Hi Michael,
> Sorry, but I was out of the loop during the talk of the big kernel
> vulnerability.
>
> What is the updated kernel version we should be running and how can I check
> that all my servers are updated properly?
I just checked what kernel updates (if any) already dealt with it.
OpenVZ just released vzkernel-2.6.32-042stab120.3 for EL6 based OpenVZ
systems (used on Aventurin{e} 6106R and 6108R). So I checked the
changelog for that to see if CVE-2016-5195 was addressed:
rpm -q --changelog vzkernel-2.6.32-042stab120.3.x86_64|grep CVE-2016-5195
No results. Changelog in detail:
[root@zebra ~]# rpm -q --changelog vzkernel-2.6.32-042stab120.3.x86_64|more
* Do Aug 25 2016 Denys Vlasenko <dvlasenk at redhat.com> [2.6.32-642.6.1.el6]
- [net] tcp: make challenge acks less predictable (Florian Westphal)
[1355606 1355607] {CVE-2016-5696}
- [fs] sunrpc: move NO_CRKEY_TIMEOUT to the auth->au_flags (Scott
Mayhew) [1366962 1294939]
- [usbhid] hiddev: validate num_values for HIDIOCGUSAGES, HIDIOCSUSAGES
commands (Yauheni Kaliuta) [1359999 1360008] {CVE-2016-5829}
Nope. Not yet addressed.
I then checked CentOS 7 and CentOS 6 / SL6: No updated kernel RPMs have
been released yet and the errata page on the Red Hat portal hasn't been
updated yet either:
https://access.redhat.com/security/cve/cve-2016-5195
So I guess "upstream" is still trying to figure out how to fix this. :-/
--
With best regards
Michael Stauber
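
The changelog check from the message above, applied to the kernel a host is actually running rather than to a named package. This is an added example, not part of the original post. The function names are hypothetical, and it assumes the booted kernel image is at /boot/vmlinuz-$(uname -r).

```shell
#!/bin/sh
# Added example: does the kernel this host is *running* list a CVE in its
# RPM changelog? (An updated package only helps after a reboot into it.)

# Changelog entries reassembled from the excerpt quoted in the post above.
SAMPLE_CHANGELOG='- [net] tcp: make challenge acks less predictable (Florian Westphal) [1355606 1355607] {CVE-2016-5696}
- [usbhid] hiddev: validate num_values for HIDIOCGUSAGES, HIDIOCSUSAGES commands (Yauheni Kaliuta) [1359999 1360008] {CVE-2016-5829}'

# cve_in_changelog CVE
# Reads changelog text on stdin; succeeds only on a whole-token match, so
# CVE-2016-5195 does not match e.g. CVE-2016-51950.
cve_in_changelog() {
    grep -qwF -- "$1"
}

# running_kernel_pkg
# Name of the RPM owning the booted kernel image (works for kernel and
# vzkernel alike, since it asks rpm who owns the file).
running_kernel_pkg() {
    rpm -qf "/boot/vmlinuz-$(uname -r)"
}

# check_running_kernel CVE
# Prints a one-line verdict: 0 = listed, 1 = not listed, 2 = unknown.
check_running_kernel() {
    cve=$1
    if ! pkg=$(running_kernel_pkg); then
        echo "UNKNOWN: cannot map running kernel to an RPM"
        return 2
    fi
    if rpm -q --changelog "$pkg" | cve_in_changelog "$cve"; then
        echo "OK: $pkg lists $cve"
    else
        echo "MISSING: $pkg has no changelog entry for $cve"
        return 1
    fi
}

# Run against this host only when a CVE id is given on the command line.
if [ $# -gt 0 ]; then
    check_running_kernel "$1"
fi
```

A MISSING verdict means only that the changelog does not name the CVE, the same signal the grep in the message relies on.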