Stay safe: how to install the patch for Linux bug CVE-2016-0728

A security bug affecting Linux versions 3.8 and higher was recently identified. Although this bug (CVE-2016-0728) was first introduced into the Linux kernel in 2012, it was only discovered and made public a few days ago. When we learned of the bug’s existence, we immediately patched all internal LeaseWeb servers. We advise everyone to patch their servers as well.

The vulnerability in the Linux kernel could potentially be used by attackers to obtain higher privileges from a regular account. It relies on a technique called “use-after-free”: the attacker controls how the memory of a kernel object is freed, and that memory is then replaced with user-supplied data while keeping the privileges of the original memory object.

The following versions of GNU/Linux are known to be affected:

  • Red Hat Enterprise Linux 7
  • CentOS Linux 7
  • Scientific Linux 7
  • Debian Linux stable 8.x (jessie)
  • Debian Linux testing 9.x (stretch)
  • SUSE Linux Enterprise Desktop 12
  • SUSE Linux Enterprise Desktop 12 SP1
  • SUSE Linux Enterprise Server 12
  • SUSE Linux Enterprise Server 12 SP1
  • SUSE Linux Enterprise Workstation Extension 12
  • SUSE Linux Enterprise Workstation Extension 12 SP1
  • Ubuntu Linux 14.04 LTS (Trusty Tahr)
  • Ubuntu Linux 15.04 (Vivid Vervet)
  • Ubuntu Linux 15.10 (Wily Werewolf)
  • openSUSE Linux LEAP and version 13.2

Here’s how you can check if one of your systems might be vulnerable to this bug, courtesy of our security engineer Juan Sacco. Run the following command on your Linux box:

uname -mrs

If the output of this command shows that your system is running a vulnerable version of the Linux kernel, you could try the following to update it to the most recent version:

For Linux Debian/Ubuntu:

apt-get update && apt-get upgrade linux-image-$(uname -r)

For Red Hat/CentOS:

yum clean all && yum update -y kernel

Please be advised that for this change to take effect your system needs to be restarted.
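
The check and the restart step above can be scripted. The following is an added example, not code from the original article: it classifies `uname -mrs` output against the 3.8-and-higher range stated above and flags a restart that is still pending. The function names and the modification-time heuristic are assumptions of this example.

```sh
# Added example, not from the original article. Assumption from the article:
# Linux 3.8 and higher is the affected range. A version string cannot prove the
# fix is present (distributions backport patches), so 0 means "verify the patch".

# affected_range "<uname -mrs output>"
# returns 0 = Linux >= 3.8, 1 = Linux below 3.8, 2 = not Linux or unparsable
affected_range() {
    name=${1%% *}; rest=${1#* }; release=${rest%% *}
    [ "$name" = "Linux" ] || return 2
    case "$release" in *.*) ;; *) return 2 ;; esac
    major=${release%%.*}
    minor=${release#*.}; minor=${minor%%[!0-9]*}
    case "$major" in ''|*[!0-9]*) return 2 ;; esac
    [ -n "$minor" ] || return 2
    [ "$major" -gt 3 ] && return 0
    [ "$major" -eq 3 ] && [ "$minor" -ge 8 ] && return 0
    return 1
}

# reboot_pending RUNNING_RELEASE BOOTDIR
# returns 0 if BOOTDIR holds another kernel image newer (by modification time,
# a heuristic assumed here) than the running kernel's image, 1 if not,
# 2 if the running kernel's image is not in BOOTDIR.
reboot_pending() {
    running_img="$2/vmlinuz-$1"
    [ -e "$running_img" ] || return 2
    for img in "$2"/vmlinuz-*; do
        case "$img" in "$running_img"|*-rescue-*) continue ;; esac  # skip self and rescue images
        [ "$img" -nt "$running_img" ] && return 0
    done
    return 1
}

# report "<uname -mrs output>" "<uname -r output>" BOOTDIR
report() {
    rc=0; affected_range "$1" || rc=$?
    case $rc in
        0) echo "in affected range (3.8+), verify vendor fix: $1" ;;
        1) echo "below 3.8: $1" ;;
        *) echo "cannot classify: $1" ;;
    esac
    rc=0; reboot_pending "$2" "$3" || rc=$?
    case $rc in
        0) echo "newer kernel image installed, restart to load it" ;;
        1) echo "no newer kernel image than the running one in $3" ;;
        *) echo "no image for the running kernel in $3, check manually" ;;
    esac
}
report "$(uname -mrs)" "$(uname -r)" /boot
```

Run it once before updating and again after the restart; the second run should report no newer kernel image than the running one.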
