A security bug affecting Linux versions 3.8 and higher was recently identified. Although this bug (CVE-2016-0728) was first introduced into the Linux Kernel in 2012, it was only discovered and made public a few days ago. When we learned of the bug’s existence, we immediately patched all internal Leaseweb servers. We advise everyone to patch their servers as well.
The vulnerability in the Linux kernel could potentially be used by attackers in order to obtain higher privileges from a regular account. It uses a technique called “use-after-free” to control the way memory is freed on kernel objects which is then replaced with user supplied data, while keeping the privileges of that memory object.
The following versions of GNU/Linux are known to be affected:
- Red Hat Enterprise Linux 7
- CentOS Linux 7
- Scientific Linux 7
- Debian Linux stable 8.x (jessie)
- Debian Linux testing 9.x (stretch)
- SUSE Linux Enterprise Desktop 12
- SUSE Linux Enterprise Desktop 12 SP1
- SUSE Linux Enterprise Server 12
- SUSE Linux Enterprise Server 12 SP1
- SUSE Linux Enterprise Workstation Extension 12
- SUSE Linux Enterprise Workstation Extension 12 SP1
- Ubuntu Linux 14.04 LTS (Trusty Tahr)
- Ubuntu Linux 15.04 (Vivid Vervet)
- Ubuntu Linux 15.10 (Wily Werewolf) Opensuse
- Linux LEAP and version 13.2
Here’s how you can check if one of your systems might be vulnerable to this bug, courtesy of our security engineer Juan Sacco. You need to run the following command in your Linux Box: uname -mrs
If the output of this command shows that your system is running a vulnerable version of the Linux kernel, you could try the following to update it to the most recent version:
For Linux Debian/Ubuntu:
apt-get update && apt-get upgrade linux-image-$(uname -r)
yum clean all && yum update -y kernel
Please be advised that for this change to take effect your system needs to be restarted.