Stay safe: how to install the patch for Linux bug CVE-2016-0728

A security bug affecting Linux versions 3.8 and higher was recently identified. Although this bug (CVE-2016-0728) was first introduced into the Linux kernel in 2012, it was only discovered and made public a few days ago. When we learned of the bug’s existence, we immediately patched all internal LeaseWeb servers. We advise everyone to patch their servers as well.

The vulnerability in the Linux kernel could potentially be used by attackers to obtain higher privileges from a regular account. It is a “use-after-free” flaw: the attacker controls the way memory is freed on kernel objects, and that memory is then replaced with user-supplied data while keeping the privileges of the original memory object.

The following versions of GNU/Linux are known to be affected:

  • Red Hat Enterprise Linux 7
  • CentOS Linux 7
  • Scientific Linux 7
  • Debian Linux stable 8.x (jessie)
  • Debian Linux testing 9.x (stretch)
  • SUSE Linux Enterprise Desktop 12
  • SUSE Linux Enterprise Desktop 12 SP1
  • SUSE Linux Enterprise Server 12
  • SUSE Linux Enterprise Server 12 SP1
  • SUSE Linux Enterprise Workstation Extension 12
  • SUSE Linux Enterprise Workstation Extension 12 SP1
  • Ubuntu Linux 14.04 LTS (Trusty Tahr)
  • Ubuntu Linux 15.04 (Vivid Vervet)
  • Ubuntu Linux 15.10 (Wily Werewolf)
  • Opensuse Linux LEAP and version 13.2

Here’s how you can check if one of your systems might be vulnerable to this bug, courtesy of our security engineer Juan Sacco. You need to run the following command on your Linux box:

uname -mrs

If the output of this command shows that your system is running a vulnerable version of the Linux kernel, you could try the following to update it to the most recent version:

For Linux Debian/Ubuntu: 

apt-get update && apt-get upgrade linux-image-$(uname -r)

For Red Hat/CentOS:

yum clean all && yum update -y kernel

Please be advised that for this change to take effect your system needs to be restarted.
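
The version check described above, as an added example that is not part of the original post: a POSIX shell function that parses the release string printed by uname -r and tests it against the "3.8 and higher" range given in this article. The function names and the verdict strings are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify a kernel release string against the
# "3.8 and higher" range this article gives for CVE-2016-0728.
# Caveat: distributions backport fixes without changing the upstream
# version, so an in-range result means "check the vendor advisory and
# installed kernel package", not "unpatched".

# kernel_in_affected_range RELEASE
#   returns 0 if the upstream version is 3.8 or higher,
#           1 if it is older than 3.8,
#           2 if the string cannot be parsed.
kernel_in_affected_range() {
    release=$1
    major=${release%%.*}                  # "3" from 3.10.0-327.el7.x86_64
    rest=${release#*.}                    # "10.0-327.el7.x86_64"
    [ "$rest" != "$release" ] || return 2 # no dot in the string at all
    case $major in ''|*[!0-9]*) return 2 ;; esac
    minor=${rest%%[!0-9]*}                # leading digits only: "10"
    [ -n "$minor" ] || return 2
    if [ "$major" -gt 3 ]; then return 0; fi
    if [ "$major" -eq 3 ] && [ "$minor" -ge 8 ]; then return 0; fi
    return 1
}

# kernel_verdict RELEASE: print a one-word verdict for scripts and reports.
kernel_verdict() {
    rc=0
    kernel_in_affected_range "$1" || rc=$?
    case $rc in
        0) echo "in-affected-range" ;;
        1) echo "below-3.8" ;;
        *) echo "unparseable" ;;
    esac
}

# Report on the running kernel. After updating and rebooting, run this
# again and confirm that the release string itself has changed.
running=$(uname -r)
printf '%s: %s\n' "$running" "$(kernel_verdict "$running")"
```

A host that still prints the same release string after the update has not been restarted into the new kernel.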
