The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My work

  • My badges

  • Twitter Updates

  • My Flickr Stream

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 1,797 other followers

How To Patch and Protect Linux Kernel Zero Day Local Privilege Escalation Vulnerability CVE-2016-5195 [ 21/Oct/2016 ]

Posted by jpluimers on 2016/10/21

There is a nasty (Dirty COW: CVE-2016-5195) Linux kernel bug with zero-day exploits floating around

OpenSuSE updates will be available soon (likely this weekend); from the  #openSUSE-factory IRC channel :

wiert: any E.T.A. for CVE-2016-5195 in the various releases?

_Marcus_: 13.1 and 42.1 i just released. 13.2 submission i am still awaiting, so release likely tomorrow

wiert: How about Tumbleweed?

DimStar: for TW, I have it in staging and will try to squeeze it into the 1021 snapshot
so unlike something really bad happened, it should be shipping tomorrow or Sunday

via: How To Patch and Protect Linux Kernel Zero Day Local Privilege Escalation Vulnerability CVE-2016-5195 [ 21/Oct/2016 ] [WayBack]

Progress can be tracked at https://bugzilla.suse.com/show_bug.cgi?id=CVE-2016-5195 (via simotek a.k.a. Simon Lees at IRC). Hopefully 13.2 will get released on Monday.

Edit: 13.2 didn’t make it on monday. Progress can be found via https://build.opensuse.org/project/maintenance_incidents/openSUSE:Maintenance (slow loading page!) and is at https://build.opensuse.org/project/show/openSUSE:Maintenance:5752

More exploits at https://github.com/dirtycow/dirtycow.github.io/wiki/PoCs

–jeroen

Testing 13.2:

# zypper addrepo http://download.opensuse.org/repositories/openSUSE:/Maintenance:/5752/openSUSE_13.2_Update/openSUSE:Maintenance:5752.repo
# zypper patch

This works fine in await of the formal update process and me testing it resulted in the release of the kernel to the official 13.2 update, but note you still have to reboot after the update even though the process doesn’t tell you that:

wiert: @_Marcus_ “klopt als een zwerende vinger” or in English: works splendid. install and test log at https://gist.github.com/jpluimers/42694ab1df04ea1bc8433ae021f9ef7e
wiert: @_Marcus_ thanks about teaching me about `zypper patch`. Need to run for the fundraising event now.
_Marcus_: wiert: thanks :)
wiert: @_Marcus_ no problem. Given the work you guys (and gals?) do it’s a small thing with the added bonus of contributing to my motto “life is about learning new things every day”.
_Marcus_: after your feedback i have now released the kenel ;)
wiert: @_Marcus_ great, looking forward to the actual update later. Thanks a lot!
wiert: @_Marcus_ I’ve updated the gist: 13.2 plus official dirty-COW update needs reboot, but the update process doesn’t list about reboot. Didn’t get the full zypper output, but I after updating I did a before/after reboot comparison of the behaviour. Results in https://gist.github.com/jpluimers/42694ab1df04ea1bc8433ae021f9ef7e#file-testing-official-update-before-reboot-then-reboot-retest-txt

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: