Re: [CentOS] CVE-2016-5195 DirtyCOW: Critical Linux Kernel Flaw
Hello Christopher, As Peter already pointed out it is not done to "hijack" existing threads. It is confusing for the reader to have a different subject discussed in an existing thread. Please start a new mail with a descriptive subject line and send that to the list. Thank you. Regards, Leonard. -- mount -t life -o ro /dev/dna /genetic/research ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CVE-2016-5195 DirtyCOW: Critical Linux Kernel Flaw
Dear Sir/s, What I mean is the system crashed where the OS is no longer booting properly. This started when I did a "partition resize". Unfortunately, we don't have any backup of the system. Thanks in advance for your help. Regards, CHRIS - Original Message - From: "Peter" To: "CentOS mailing list" Sent: Wednesday, November 2, 2016 12:52:03 PM Subject: Re: [CentOS] CVE-2016-5195 DirtyCOW: Critical Linux Kernel Flaw On 02/11/16 13:05, Richard wrote: > RHEL/Centos-4 is EOL so wouldn't be updated regardless (at least > under the normal EOL guidelines), but it is mentioned toward the > bottom of that page under "Affected Packages State": > > Red Hat Enterprise Linux 4 kernel Not affected It is mentioned because RHEL4 is in extended life phase, so not EOL yet. CentOS 4 is EOL as CentOS does not track the extended life phase of Red Hat. Peter ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CVE-2016-5195 DirtyCOW: Critical Linux Kernel Flaw
On 02/11/16 13:05, Richard wrote: > RHEL/Centos-4 is EOL so wouldn't be updated regardless (at least > under the normal EOL guidelines), but it is mentioned toward the > bottom of that page under "Affected Packages State": > > Red Hat Enterprise Linux 4 kernel Not affected It is mentioned because RHEL4 is in extended life phase, so not EOL yet. CentOS 4 is EOL as CentOS does not track the extended life phase of Red Hat. Peter ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CVE-2016-5195 DirtyCOW: Critical Linux Kernel Flaw
You appear to have hijacked this (DirtyCOW) thread. You may want to re-post your question as a new message so that it won't get mingled with this discussion. Original Message > Date: Tuesday, November 01, 2016 21:03:48 -0400 > From: "Christopher G. Halnin" > To: CentOS mailing list > Subject: Re: [CentOS] CVE-2016-5195 DirtyCOW: Critical Linux Kernel Flaw > > Dear Sir/s, > > Can a crashed centos system be restore to its previous state before > it crash? And if so, can you please tell me how to do it? Thanks, > your help is very much appreciated. > > - Original Message - > From: "Richard" > To: "CentOS mailing list" > Sent: Tuesday, November 1, 2016 5:05:59 PM > Subject: Re: [CentOS] CVE-2016-5195 DirtyCOW: Critical Linux Kernel > Flaw > >> Date: Tuesday, November 01, 2016 18:49:56 -0500 >> From: Valeri Galtsev >> >> On Tue, November 1, 2016 6:25 pm, Tony Mountifield wrote: >>> In article <5818cd31.4050...@moving-picture.com>, >>> James Pearson wrote: >>>> Leonardo Oliveira Ortiz wrote: >>>> > RedHat and Centos 4.x can be explored by this flaw? >>>> >>>> See: >>>> >>>> https://access.redhat.com/security/cve/cve-2016-5195 >>> >>> In other words, no: RHEL 4 and CentOS4 are not affected by this >>> flaw. >> >> My understanding is: RHEL is obsolete, hence it will not even be >> mentioned on that page, whether it is known to be affected or not. >> > > RHEL/Centos-4 is EOL so wouldn't be updated regardless (at least > under the normal EOL guidelines), but it is mentioned toward the > bottom of that page under "Affected Packages State": > > Red Hat Enterprise Linux 4 kernel Not affected > > > > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos End Original Message ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CVE-2016-5195 DirtyCOW: Critical Linux Kernel Flaw
On 11/1/2016 6:03 PM, Christopher G. Halnin wrote: Can a crashed centos system be restore to its previous state before it crash? And if so, can you please tell me how to do it? Thanks, your help is very much appreciated. 1) define 'crashed' 2) got backups? -- john r pierce, recycling bits in santa cruz ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CVE-2016-5195 DirtyCOW: Critical Linux Kernel Flaw
Dear Sir/s, Can a crashed centos system be restore to its previous state before it crash? And if so, can you please tell me how to do it? Thanks, your help is very much appreciated. - Original Message - From: "Richard" To: "CentOS mailing list" Sent: Tuesday, November 1, 2016 5:05:59 PM Subject: Re: [CentOS] CVE-2016-5195 DirtyCOW: Critical Linux Kernel Flaw > Date: Tuesday, November 01, 2016 18:49:56 -0500 > From: Valeri Galtsev > > On Tue, November 1, 2016 6:25 pm, Tony Mountifield wrote: >> In article <5818cd31.4050...@moving-picture.com>, >> James Pearson wrote: >>> Leonardo Oliveira Ortiz wrote: >>> > RedHat and Centos 4.x can be explored by this flaw? >>> >>> See: >>> >>> https://access.redhat.com/security/cve/cve-2016-5195 >> >> In other words, no: RHEL 4 and CentOS4 are not affected by this >> flaw. > > My understanding is: RHEL is obsolete, hence it will not even be > mentioned on that page, whether it is known to be affected or not. > RHEL/Centos-4 is EOL so wouldn't be updated regardless (at least under the normal EOL guidelines), but it is mentioned toward the bottom of that page under "Affected Packages State": Red Hat Enterprise Linux 4kernel Not affected ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CVE-2016-5195 DirtyCOW: Critical Linux Kernel Flaw
> Date: Tuesday, November 01, 2016 18:49:56 -0500 > From: Valeri Galtsev > > On Tue, November 1, 2016 6:25 pm, Tony Mountifield wrote: >> In article <5818cd31.4050...@moving-picture.com>, >> James Pearson wrote: >>> Leonardo Oliveira Ortiz wrote: >>> > RedHat and Centos 4.x can be explored by this flaw? >>> >>> See: >>> >>> https://access.redhat.com/security/cve/cve-2016-5195 >> >> In other words, no: RHEL 4 and CentOS4 are not affected by this >> flaw. > > My understanding is: RHEL is obsolete, hence it will not even be > mentioned on that page, whether it is known to be affected or not. > RHEL/Centos-4 is EOL so wouldn't be updated regardless (at least under the normal EOL guidelines), but it is mentioned toward the bottom of that page under "Affected Packages State": Red Hat Enterprise Linux 4kernel Not affected ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CVE-2016-5195 DirtyCOW: Critical Linux Kernel Flaw
On Tue, November 1, 2016 6:25 pm, Tony Mountifield wrote: > In article <5818cd31.4050...@moving-picture.com>, > James Pearson wrote: >> Leonardo Oliveira Ortiz wrote: >> > RedHat and Centos 4.x can be explored by this flaw? >> >> See: >> >> https://access.redhat.com/security/cve/cve-2016-5195 > > In other words, no: RHEL 4 and CentOS4 are not affected by this flaw. My understanding is: RHEL is obsolete, hence it will not even be mentioned on that page, whether it is known to be affected or not. Valeri > > Tony > -- > Tony Mountifield > Work: t...@softins.co.uk - http://www.softins.co.uk > Play: t...@mountifield.org - http://tony.mountifield.org > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CVE-2016-5195 DirtyCOW: Critical Linux Kernel Flaw
In article <5818cd31.4050...@moving-picture.com>, James Pearson wrote: > Leonardo Oliveira Ortiz wrote: > > RedHat and Centos 4.x can be explored by this flaw? > > See: > > https://access.redhat.com/security/cve/cve-2016-5195 In other words, no: RHEL 4 and CentOS4 are not affected by this flaw. Tony -- Tony Mountifield Work: t...@softins.co.uk - http://www.softins.co.uk Play: t...@mountifield.org - http://tony.mountifield.org ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CVE-2016-5195 DirtyCOW: Critical Linux Kernel Flaw
Leonardo Oliveira Ortiz wrote: RedHat and Centos 4.x can be explored by this flaw? See: https://access.redhat.com/security/cve/cve-2016-5195 James Pearson ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CVE-2016-5195 “DirtyCOW”: Critical Linux Kernel Flaw
On 10/22/2016 07:49 PM, Valeri Galtsev wrote: > Dear All, > > I guess, we all have to urgently apply workaround, following, say, this: > > https://gryzli.info/2016/10/21/protect-cve-2016-5195-dirtycow-centos-7rhel7cpanelcloudlinux/ > > At least those of us who still have important multi user machines running > Linux. (Yes, me too, I do have a couple, thank goodness, the rest are > already not ;-) > > Have a productive weekend, everybody. > > Valeri > And to close the book on this CVE, I just pushed the CentOS-5.11 kernel to fix this issue as well: kernel-2.6.18-416.el5 So, the only thing we still have to release is a fixed kernel for the aarch64 AltArch SIG. And we are building a test kernel for that right now. ppc64le, ppc64, i686, arm32 for CentOS-7 .. and all released arches for CentOS-5 and CentOS-6 ... now all have updates released. Thanks, Johnny Hughes signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CVE-2016-5195 DirtyCOW : Critical Linux Kernel Flaw
On Wed, 26 Oct 2016 06:30:45 -0500 Johnny Hughes wrote: > On 10/26/2016 05:56 AM, Peter Kjellström wrote: > > On Tue, 25 Oct 2016 17:21:54 -0700 > > Akemi Yagi wrote: > > > >> On Tue, Oct 25, 2016 at 10:26 AM, Leon Fauster > >> wrote: > >>> Am 25.10.2016 um 15:39 schrieb Peter Kjellström > >>> : > On Tue, 25 Oct 2016 10:06:12 +0200 > Christian Anthon wrote: > > > What is the best approach on centos 6 to mitigate the problem is > > officially patched? As far as I can tell Centos 6 is vulnerable > > to attacks using ptrace. > > I can confirm that c6 is vulnerable, we're running a patched > kernel (local build) using a rhel6 adaptation of the upstream > fix. > > Ask off-list if you want an src.rpm > >>> > >>> > >>> Hi Peter, can you confirm that its this? > >>> > >>> http://pastebin.centos.org/56391/ > >> > >> That is for the EL-7.2 kernel. Peter was offering a patch for > >> CentOS 6. > >> > >> RH released the patched kernel for EL-6.8 today. I have attached > >> the diff file between 2.6.32-642.6.1.el6 and 2.6.32-642.6.2.el6. > >> It is more complex because the 6 kernel is older, so required more > >> mods, I suppose. Maybe that was the reason why the EL-6 update > >> took longer than EL-7. > > > > We also did a quick diff for the official c6 patch and it's almost > > but not quite what we were using as a quick fix. > > > > /Peter > > The 6 kernel is released now .. Use that :) You misunderstood me. I was referring to the difference between the quick fix initially deployed by us and the now released fix. We're almost completely updated from quick fix to official fix by now. /Peter pgpD5_yYhrjKy.pgp Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CVE-2016-5195 DirtyCOW : Critical Linux Kernel Flaw
On 10/26/2016 05:56 AM, Peter Kjellström wrote: > On Tue, 25 Oct 2016 17:21:54 -0700 > Akemi Yagi wrote: > >> On Tue, Oct 25, 2016 at 10:26 AM, Leon Fauster >> wrote: >>> Am 25.10.2016 um 15:39 schrieb Peter Kjellström : On Tue, 25 Oct 2016 10:06:12 +0200 Christian Anthon wrote: > What is the best approach on centos 6 to mitigate the problem is > officially patched? As far as I can tell Centos 6 is vulnerable to > attacks using ptrace. I can confirm that c6 is vulnerable, we're running a patched kernel (local build) using a rhel6 adaptation of the upstream fix. Ask off-list if you want an src.rpm >>> >>> >>> Hi Peter, can you confirm that its this? >>> >>> http://pastebin.centos.org/56391/ >> >> That is for the EL-7.2 kernel. Peter was offering a patch for CentOS >> 6. >> >> RH released the patched kernel for EL-6.8 today. I have attached the >> diff file between 2.6.32-642.6.1.el6 and 2.6.32-642.6.2.el6. It is >> more complex because the 6 kernel is older, so required more mods, I >> suppose. Maybe that was the reason why the EL-6 update took longer >> than EL-7. > > We also did a quick diff for the official c6 patch and it's almost but > not quite what we were using as a quick fix. > > /Peter The 6 kernel is released now .. Use that :) signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CVE-2016-5195 DirtyCOW : Critical Linux Kernel Flaw
On Tue, 25 Oct 2016 17:21:54 -0700 Akemi Yagi wrote: > On Tue, Oct 25, 2016 at 10:26 AM, Leon Fauster > wrote: > > Am 25.10.2016 um 15:39 schrieb Peter Kjellström : > >> On Tue, 25 Oct 2016 10:06:12 +0200 > >> Christian Anthon wrote: > >> > >>> What is the best approach on centos 6 to mitigate the problem is > >>> officially patched? As far as I can tell Centos 6 is vulnerable to > >>> attacks using ptrace. > >> > >> I can confirm that c6 is vulnerable, we're running a patched kernel > >> (local build) using a rhel6 adaptation of the upstream fix. > >> > >> Ask off-list if you want an src.rpm > > > > > > Hi Peter, can you confirm that its this? > > > > http://pastebin.centos.org/56391/ > > That is for the EL-7.2 kernel. Peter was offering a patch for CentOS > 6. > > RH released the patched kernel for EL-6.8 today. I have attached the > diff file between 2.6.32-642.6.1.el6 and 2.6.32-642.6.2.el6. It is > more complex because the 6 kernel is older, so required more mods, I > suppose. Maybe that was the reason why the EL-6 update took longer > than EL-7. We also did a quick diff for the official c6 patch and it's almost but not quite what we were using as a quick fix. /Peter ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CVE-2016-5195 DirtyCOW : Critical Linux Kernel Flaw
On 10/25/2016 03:37 PM, m.r...@5-cent.us wrote: > Phelps, Matthew wrote: >> On Tue, Oct 25, 2016 at 2:18 PM, wrote: >> >>> My manager just told me that upstream has released a patched kernel for >>> 7: >>> CentOS package kernel-3.10.0-327.36.3.el7.x86_64.rpm >>> see http://rhn.redhat.com/errata/RHSA-2016-2098.html >>> >>> I'm hoping Johnny can get us that, hopefully before the end of the week. >>> >> That came out this morning: >> > Didn't see the announcement here, but I found it a bit after I posted. > > Thank you, Johnny, and the whole team. > You are welcome. The CentOS-6 kernel with the CVE-2016-5195 is finished, passed our CI suite tests, and is now pushed to our master mirror (kernel-2.6.32-642.6.2.el6) It should be installable from mirror.centos.org in an hour or so. External mirrors should also be able to start syncing to get it in about and hour as well. Still no upstream EL5 release. We will get that one released as soon as we have the source code for it. Thanks, Johnny Hughes signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CVE-2016-5195 DirtyCOW : Critical Linux Kernel Flaw
On Tue, Oct 25, 2016 at 10:26 AM, Leon Fauster wrote: > Am 25.10.2016 um 15:39 schrieb Peter Kjellström : >> On Tue, 25 Oct 2016 10:06:12 +0200 >> Christian Anthon wrote: >> >>> What is the best approach on centos 6 to mitigate the problem is >>> officially patched? As far as I can tell Centos 6 is vulnerable to >>> attacks using ptrace. >> >> I can confirm that c6 is vulnerable, we're running a patched kernel >> (local build) using a rhel6 adaptation of the upstream fix. >> >> Ask off-list if you want an src.rpm > > > Hi Peter, can you confirm that its this? > > http://pastebin.centos.org/56391/ That is for the EL-7.2 kernel. Peter was offering a patch for CentOS 6. RH released the patched kernel for EL-6.8 today. I have attached the diff file between 2.6.32-642.6.1.el6 and 2.6.32-642.6.2.el6. It is more complex because the 6 kernel is older, so required more mods, I suppose. Maybe that was the reason why the EL-6 update took longer than EL-7. Akemi diff -uNpr linux-2.6.32-642.6.1.el6/include/linux/mm.h linux-2.6.32-642.6.2.el6/include/linux/mm.h --- linux-2.6.32-642.6.1.el6/include/linux/mm.h 2016-08-25 08:07:47.0 -0700 +++ linux-2.6.32-642.6.2.el6/include/linux/mm.h 2016-10-24 06:19:16.0 -0700 @@ -1420,6 +1420,7 @@ struct page *follow_page(struct vm_area_ #define FOLL_HWPOISON 0x100 /* check page is hwpoisoned */ #define FOLL_NUMA 0x200 /* force NUMA hinting page fault */ #define FOLL_MIGRATION 0x400 /* wait for page to replace migration entry */ +#define FOLL_COW 0x4000 /* internal GUP flag */ typedef int (*pte_fn_t)(pte_t *pte, pgtable_t token, unsigned long addr, void *data); diff -uNpr linux-2.6.32-642.6.1.el6/mm/memory.c linux-2.6.32-642.6.2.el6/mm/memory.c --- linux-2.6.32-642.6.1.el6/mm/memory.c2016-08-25 08:06:57.0 -0700 +++ linux-2.6.32-642.6.2.el6/mm/memory.c2016-10-24 06:19:16.0 -0700 @@ -1177,6 +1177,24 @@ int zap_vma_ptes(struct vm_area_struct * } EXPORT_SYMBOL_GPL(zap_vma_ptes); +static inline bool can_follow_write_pte(pte_t pte, struct page *page, + unsigned int flags) +{ + if (pte_write(pte)) + return true; + + /* +* Make sure that we are really following CoWed page. We do not really +* have to care about exclusiveness of the page because we only want +* to ensure that once COWed page hasn't disappeared in the meantime +* or it hasn't been merged to a KSM page. +*/ + if ((flags & FOLL_FORCE) && (flags & FOLL_COW)) + return page && PageAnon(page) && !PageKsm(page); + + return false; +} + /* * Do a quick page-table lookup for a single page. */ @@ -1266,10 +1284,11 @@ split_fallthrough: migration_entry_wait(mm, pmd, address); goto split_fallthrough; } - if ((flags & FOLL_WRITE) && !pte_write(pte)) - goto unlock; - page = vm_normal_page(vma, address, pte); + if ((flags & FOLL_WRITE) && !can_follow_write_pte(pte, page, flags)) { + pte_unmap_unlock(ptep, ptl); + return NULL; + } if (unlikely(!page)) { if ((flags & FOLL_DUMP) || !is_zero_pfn(pte_pfn(pte))) @@ -1290,7 +1309,6 @@ split_fallthrough: */ mark_page_accessed(page); } -unlock: pte_unmap_unlock(ptep, ptl); out: return page; @@ -1489,17 +1507,13 @@ int __get_user_pages(struct task_struct * The VM_FAULT_WRITE bit tells us that * do_wp_page has broken COW when necessary, * even if maybe_mkwrite decided not to set -* pte_write. We can thus safely do subsequent -* page lookups as if they were reads. But only -* do so when looping for pte_write is futile: -* in some cases userspace may also be wanting -* to write to the gotten user page, which a -* read fault here might prevent (a readonly -* page might get reCOWed by userspace write). +* pte_write. We cannot simply drop FOLL_WRITE +* here because the COWed page might be gone by +* the time we do the subsequent page lookups. */ if ((ret & VM_FAULT_WRITE) && !(vma->vm_flags & VM_WRITE)) - foll_flags &= ~FOLL_WRITE; + foll_flags |= FOLL_COW; cond_resched(); } _
Re: [CentOS] CVE-2016-5195 DirtyCOW : Critical Linux Kernel Flaw
Phelps, Matthew wrote: > On Tue, Oct 25, 2016 at 2:18 PM, wrote: > >> My manager just told me that upstream has released a patched kernel for >> 7: >> CentOS package kernel-3.10.0-327.36.3.el7.x86_64.rpm >> see http://rhn.redhat.com/errata/RHSA-2016-2098.html >> >> I'm hoping Johnny can get us that, hopefully before the end of the week. >> > That came out this morning: > Didn't see the announcement here, but I found it a bit after I posted. Thank you, Johnny, and the whole team. mark ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CVE-2016-5195 DirtyCOW : Critical Linux Kernel Flaw
On Tue, Oct 25, 2016 at 2:18 PM, wrote: > My manager just told me that upstream has released a patched kernel for 7: > > CentOS package kernel-3.10.0-327.36.3.el7.x86_64.rpm > see http://rhn.redhat.com/errata/RHSA-2016-2098.html > > I'm hoping Johnny can get us that, hopefully before the end of the week. > >mark > > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > That came out this morning: Johnny Hughes 7:17 AM (7 hours ago) to centos-announce CentOS Errata and Security Advisory 2016:2098 Important Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-2098.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) x86_64: afb7e2a7c3a38185b99f092b70ec274888a5beb136a7e5077559cbd29b3f55d7 kernel-3.10.0-327.36.3.el7.x86_64.rpm 1b33324ee4de14c03dde2eefb91bdee83082dd4ced6c0b94f5ab3253690bce38 kernel-abi-whitelists-3.10.0-327.36.3.el7.noarch.rpm 000ccd89b45a28645202add878b5e37d9a482df68fd5cf12914611098724eea7 kernel-debug-3.10.0-327.36.3.el7.x86_64.rpm 430e59db8a03d01f25ff602e766b96b06157fb881db68ca0cb81f229ec2609d6 kernel-debug-devel-3.10.0-327.36.3.el7.x86_64.rpm 5522697d3b016509dd3744e714d61e5d177921d2a045588730c1cd41713ba2c1 kernel-devel-3.10.0-327.36.3.el7.x86_64.rpm b3fb9f23b5a2427d90e286350b1e7ded8ce6c3c2c5f7e191ee15bb8a70c981aa kernel-doc-3.10.0-327.36.3.el7.noarch.rpm ad0006f10828ff8890c5599982c57a5ed75a9fdc9aab90e0c8cba6422eb766ea kernel-headers-3.10.0-327.36.3.el7.x86_64.rpm 3639553b0daacf8b577a5576d732eadae1aeef30cf61ca15dd755e439b5a8578 kernel-tools-3.10.0-327.36.3.el7.x86_64.rpm b66a1c39f21081605dc3f19afc73236b5cb23a1de8d1bd1b14718165663de7ac kernel-tools-libs-3.10.0-327.36.3.el7.x86_64.rpm 97f1708f020dc0c19c9abead5cabdf813aa56ffdf6f8956811669019d74980d8 kernel-tools-libs-devel-3.10.0-327.36.3.el7.x86_64.rpm 6101abe377f9c3f96f9a0b32840ccde2d60835af96ffbb1c787841e0a98bb755 perf-3.10.0-327.36.3.el7.x86_64.rpm cd55f641ed83faeb33d35a7915c78f85f58a237612ffebdfd5f41e652472ce7b python-perf-3.10.0-327.36.3.el7.x86_64.rpm Source: fc7d9058db4d12308f80993c446175e0fd45e413ffafa7b9b2b0c38a432a4a3c kernel-3.10.0-327.36.3.el7.src.rpm -- Matt Phelps System Administrator, Computation Facility Harvard - Smithsonian Center for Astrophysics mphe...@cfa.harvard.edu, http://www.cfa.harvard.edu ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CVE-2016-5195 DirtyCOW : Critical Linux Kernel Flaw
My manager just told me that upstream has released a patched kernel for 7: CentOS package kernel-3.10.0-327.36.3.el7.x86_64.rpm see http://rhn.redhat.com/errata/RHSA-2016-2098.html I'm hoping Johnny can get us that, hopefully before the end of the week. mark ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CVE-2016-5195 DirtyCOW : Critical Linux Kernel Flaw
Am 25.10.2016 um 15:39 schrieb Peter Kjellström : > On Tue, 25 Oct 2016 10:06:12 +0200 > Christian Anthon wrote: > >> What is the best approach on centos 6 to mitigate the problem is >> officially patched? As far as I can tell Centos 6 is vulnerable to >> attacks using ptrace. > > I can confirm that c6 is vulnerable, we're running a patched kernel > (local build) using a rhel6 adaptation of the upstream fix. > > Ask off-list if you want an src.rpm Hi Peter, can you confirm that its this? http://pastebin.centos.org/56391/ -- LF ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CVE-2016-5195 “DirtyCOW”: Critical Linux Kernel Flaw
On Tue, Oct 25, 2016 at 9:38 AM, Peter Kjellström wrote: > On Tue, 25 Oct 2016 08:29:33 -0400 > "Phelps, Matthew" wrote: > > > On Tue, Oct 25, 2016 at 4:06 AM, Christian Anthon > > wrote: > > > > > What is the best approach on centos 6 to mitigate the problem is > > > officially patched? As far as I can tell Centos 6 is vulnerable to > > > attacks using ptrace. > > > > > > There is a mitigation described here > > > > > > https://bugzilla.redhat.com/show_bug.cgi?id=1384344#c13 > > > > > > which doesn't fix the underlying problem, but at least protects > > > against known attack vectors. However, I'm unsure if the script > > > only applies to Centos 7, or if it also works on Centos 6? > > > > > > Cheers, Christian > > > > > > > > I have not been able to get this script to work on CentOS 6.8 > > > > I've installed kernel-debug, kernel-devel, kernel-debug-devel, > > kernel-debug-debuginfo, kernel-debuginfo-common and I still get: > > You have the wrong packages. You want "kernel-debuginfo" and > "kernel-debuginfo-common" for the running kernel. You've by mistake got > "kernel-debug-debuginfo" which is the debuginfo for the debug kernel > (not the normal kernel). > > /Peter K > Bingo. That was it. Thanks! -- Matt Phelps System Administrator, Computation Facility Harvard - Smithsonian Center for Astrophysics mphe...@cfa.harvard.edu, http://www.cfa.harvard.edu ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CVE-2016-5195 DirtyCOW : Critical Linux Kernel Flaw
On 25-10-2016 15:39, Peter Kjellström wrote: I can confirm that c6 is vulnerable, we're running a patched kernel (local build) using a rhel6 adaptation of the upstream fix. Ask off-list if you want an src.rpm Thanks, the srpm would be very helpful, I'll reply off-list. Cheers, Christian. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CVE-2016-5195 DirtyCOW : Critical Linux Kernel Flaw
On Tue, 25 Oct 2016 10:06:12 +0200 Christian Anthon wrote: > What is the best approach on centos 6 to mitigate the problem is > officially patched? As far as I can tell Centos 6 is vulnerable to > attacks using ptrace. I can confirm that c6 is vulnerable, we're running a patched kernel (local build) using a rhel6 adaptation of the upstream fix. Ask off-list if you want an src.rpm /Peter K ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CVE-2016-5195 “DirtyCOW”: Critical Linux Kernel Flaw
On Tue, 25 Oct 2016 08:29:33 -0400 "Phelps, Matthew" wrote: > On Tue, Oct 25, 2016 at 4:06 AM, Christian Anthon > wrote: > > > What is the best approach on centos 6 to mitigate the problem is > > officially patched? As far as I can tell Centos 6 is vulnerable to > > attacks using ptrace. > > > > There is a mitigation described here > > > > https://bugzilla.redhat.com/show_bug.cgi?id=1384344#c13 > > > > which doesn't fix the underlying problem, but at least protects > > against known attack vectors. However, I'm unsure if the script > > only applies to Centos 7, or if it also works on Centos 6? > > > > Cheers, Christian > > > > > I have not been able to get this script to work on CentOS 6.8 > > I've installed kernel-debug, kernel-devel, kernel-debug-devel, > kernel-debug-debuginfo, kernel-debuginfo-common and I still get: You have the wrong packages. You want "kernel-debuginfo" and "kernel-debuginfo-common" for the running kernel. You've by mistake got "kernel-debug-debuginfo" which is the debuginfo for the debug kernel (not the normal kernel). /Peter K ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CVE-2016-5195 “DirtyCOW”: Critical Linux Kernel Flaw
On Tue, Oct 25, 2016 at 4:06 AM, Christian Anthon wrote: > What is the best approach on centos 6 to mitigate the problem is > officially patched? As far as I can tell Centos 6 is vulnerable to attacks > using ptrace. > > There is a mitigation described here > > https://bugzilla.redhat.com/show_bug.cgi?id=1384344#c13 > > which doesn't fix the underlying problem, but at least protects against > known attack vectors. However, I'm unsure if the script only applies to > Centos 7, or if it also works on Centos 6? > > Cheers, Christian > > I have not been able to get this script to work on CentOS 6.8 I've installed kernel-debug, kernel-devel, kernel-debug-devel, kernel-debug-debuginfo, kernel-debuginfo-common and I still get: stap -g -p 4 dirtyc0w.stp semantic error: while resolving probe point: identifier 'syscall' at dirtyc0w.stp:5:7 source: probe syscall.ptrace { ^ semantic error: no match Pass 2: analysis failed. [man error::pass2] Anybody have any success with this? -- Matt Phelps System Administrator, Computation Facility Harvard - Smithsonian Center for Astrophysics mphe...@cfa.harvard.edu, http://www.cfa.harvard.edu On 24-10-2016 18:29, Gilbert Sebenste wrote: > >> On Sat, 22 Oct 2016, Valeri Galtsev wrote: >> >> On Sat, October 22, 2016 7:49 pm, Valeri Galtsev wrote: >>> Dear All, I guess, we all have to urgently apply workaround, following, say, this: https://gryzli.info/2016/10/21/protect-cve-2016-5195-dirtyco w-centos-7rhel7cpanelcloudlinux/ At least those of us who still have important multi user machines running Linux. >>> >>> I should have said CentOS 7. Older ones (CentOS 6 and 5) are not >>> vulnerable. >>> >> >> Patch is out on RHEL side: >> >> https://rhn.redhat.com/errata/RHSA-2016-2098.html >> >> *** >> >> Gilbert Sebenste >> (My opinions only!) >> ** >> *** >> >> ___ >> CentOS mailing list >> CentOS@centos.org >> https://lists.centos.org/mailman/listinfo/centos >> >> > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CVE-2016-5195 DirtyCOW: Critical Linux Kernel Flaw
What is the best approach on centos 6 to mitigate the problem is officially patched? As far as I can tell Centos 6 is vulnerable to attacks using ptrace. There is a mitigation described here https://bugzilla.redhat.com/show_bug.cgi?id=1384344#c13 which doesn't fix the underlying problem, but at least protects against known attack vectors. However, I'm unsure if the script only applies to Centos 7, or if it also works on Centos 6? Cheers, Christian On 24-10-2016 18:29, Gilbert Sebenste wrote: On Sat, 22 Oct 2016, Valeri Galtsev wrote: On Sat, October 22, 2016 7:49 pm, Valeri Galtsev wrote: Dear All, I guess, we all have to urgently apply workaround, following, say, this: https://gryzli.info/2016/10/21/protect-cve-2016-5195-dirtycow-centos-7rhel7cpanelcloudlinux/ At least those of us who still have important multi user machines running Linux. I should have said CentOS 7. Older ones (CentOS 6 and 5) are not vulnerable. Patch is out on RHEL side: https://rhn.redhat.com/errata/RHSA-2016-2098.html *** Gilbert Sebenste (My opinions only!) ** *** ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CVE-2016-5195 DirtyCOW: Critical Linux Kernel Flaw
On Sat, 22 Oct 2016, Valeri Galtsev wrote: On Sat, October 22, 2016 7:49 pm, Valeri Galtsev wrote: Dear All, I guess, we all have to urgently apply workaround, following, say, this: https://gryzli.info/2016/10/21/protect-cve-2016-5195-dirtycow-centos-7rhel7cpanelcloudlinux/ At least those of us who still have important multi user machines running Linux. I should have said CentOS 7. Older ones (CentOS 6 and 5) are not vulnerable. Patch is out on RHEL side: https://rhn.redhat.com/errata/RHSA-2016-2098.html *** Gilbert Sebenste (My opinions only!) ** *** ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CVE-2016-5195 “DirtyCOW”: Critical Linux Kernel Flaw
On 10/22/2016 07:49 PM, Valeri Galtsev wrote: > Dear All, > > I guess, we all have to urgently apply workaround, following, say, this: > > https://gryzli.info/2016/10/21/protect-cve-2016-5195-dirtycow-centos-7rhel7cpanelcloudlinux/ > > At least those of us who still have important multi user machines running > Linux. (Yes, me too, I do have a couple, thank goodness, the rest are > already not ;-) > > Have a productive weekend, everybody. > > Valeri We are waiting for the official RHEL source code for this issue for the base kernel, and I do not recommend everybody out there use our experimental 4.4.x kernel for x86_64, BUT with that said I did release a kernel on Friday that has the fix for CVE-2016-5195. It is kernel-4.4.26-201.el7.centos.x86_64.rpm, and it lives here: http://mirror.centos.org/altarch/7/experimental/x86_64/ I don't recommend using this in production without lots of testing first, and it requires a new linux-firmware, xfsprogs, supermin5. It also does not support secure boot. I am using it on several (currently 6) machines and we created it for newer IoT type boards and compute sticks, etc. I have it running on 3 laptops and 3 KVM servers without any issues .. but that is a very small subset of tested configurations. Thanks, Johnny Hughes signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CVE-2016-5195 ?DirtyCOW?: Critical Linux Kernel Flaw
Am 23.10.2016 um 03:31 schrieb Zube : > On Sat Oct 22 08:20:24 PM, Valeri Galtsev wrote: > >> I should have said CentOS 7. Older ones (CentOS 6 and 5) are not vulnerable. > > https://bugzilla.redhat.com/show_bug.cgi?id=1384344 > > Comment #35 points to a link that doesn't depend on /proc/self/mem and > claims to work on CentOS 6 and 5. I'm not quite sure what I should > be looking for when I run the program, though. Its explained it the first line. > I do hope Redhat releases patches soon. What's quite confusing, is Redhat's security rating: "only important" and not critical. I see how security ratings are applied "Flaws that require an authenticated remote user, a local user, or an unlikely configuration are not classed as Critical impact." [1] but such a bug should be weighted discretely. [1] https://access.redhat.com/security/updates/classification/ -- LF ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CVE-2016-5195 ?DirtyCOW?: Critical Linux Kernel Flaw
On Sat Oct 22 08:20:24 PM, Valeri Galtsev wrote: > I should have said CentOS 7. Older ones (CentOS 6 and 5) are not vulnerable. https://bugzilla.redhat.com/show_bug.cgi?id=1384344 Comment #35 points to a link that doesn't depend on /proc/self/mem and claims to work on CentOS 6 and 5. I'm not quite sure what I should be looking for when I run the program, though. I do hope Redhat releases patches soon. Cheers, Zube ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CVE-2016-5195 DirtyCOW: Critical Linux Kernel Flaw
On Sat, October 22, 2016 7:49 pm, Valeri Galtsev wrote: > Dear All, > > I guess, we all have to urgently apply workaround, following, say, this: > > https://gryzli.info/2016/10/21/protect-cve-2016-5195-dirtycow-centos-7rhel7cpanelcloudlinux/ > > At least those of us who still have important multi user machines running > Linux. I should have said CentOS 7. Older ones (CentOS 6 and 5) are not vulnerable. > (Yes, me too, I do have a couple, thank goodness, the rest are > already not ;-) Luckily, no multi-user CentOS 7 machines here, only single user workstations. Good luck, everybody! Valeri PS Sorry about a bit premature first message: I realize not that I was in the same state of mind as back then when there was remote root SSH vulnerability. It was long ago, but some may still remember that... > > Have a productive weekend, everybody. > > Valeri > > > Valeri Galtsev > Sr System Administrator > Department of Astronomy and Astrophysics > Kavli Institute for Cosmological Physics > University of Chicago > Phone: 773-702-4247 > > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos