[CentOS] CVE-2016-5195 “DirtyCOW”: Critical Linux Kernel Flaw

Sun Oct 23 12:28:15 UTC 2016
Johnny Hughes <johnny at centos.org>

On 10/22/2016 07:49 PM, Valeri Galtsev wrote:
> Dear All,
> 
> I guess we all have to urgently apply a workaround, following, say, this:
> 
> https://gryzli.info/2016/10/21/protect-cve-2016-5195-dirtycow-centos-7rhel7cpanelcloudlinux/
> 
> At least those of us who still have important multi-user machines running
> Linux. (Yes, me too, I do have a couple, thank goodness, the rest are
> already not ;-)
> 
> Have a productive weekend, everybody.
> 
> Valeri

We are waiting for the official RHEL source code for this issue for the
base kernel, and I do not recommend everybody out there use our
experimental 4.4.x kernel for x86_64, BUT with that said I did release a
kernel on Friday that has the fix for CVE-2016-5195.

It is kernel-4.4.26-201.el7.centos.x86_64.rpm, and it lives here:

http://mirror.centos.org/altarch/7/experimental/x86_64/

I don't recommend using this in production without lots of testing
first, and it requires a new linux-firmware, xfsprogs, supermin5.  It
also does not support secure boot.

I am using it on several (currently 6) machines and we created it for
newer IoT type boards and compute sticks, etc.  I have it running on 3
laptops and 3 KVM servers without any issues .. but that is a very small
subset of tested configurations.

Thanks,
Johnny Hughes



