Jan 22, 2016

Update Your Linux Server to Protect Against Very Serious Local Privilege Escalation Vulnerability

If you’re running a server or desktop with Linux Kernel 3.8 or higher, you and your website or application are vulnerable to a very serious 0-day local privilege escalation vulnerability. Millions of Linux systems around the world are vulnerable to compromise and must be patched.

What Damage Can the Linux Vulnerability Cause?

This bug (referred to as CVE-2016-0728) affects the keyrings facility in the kernel, which allows the kernel to cache security data, authentication keys, and other sensitive data. The bug creates a leak in the keyring reference process, which can cause a memory leak and can enable exploitative actions that can harm your server and data. Read the full security advisory here.

What You Need to Do to Protect Yourself and Your Data

The List of Affected Linux Distros

If your server is running one of these Linux distros, it is potentially affected and must be updated.

To be fully protected, install all available patches for your server and then reboot your server.

If you are a Codero Proactive Managed Hosting client, your kernel has already been patched. To learn more about Codero Proactive Managed Hosting and add it to your account today, speak with a hosting expert now.

Note: Before initiating this process, know that package upgrades may not go as planned. Be sure to have your data backed up before making system changes.

Step One:

The first step is to note your current kernel version:

$ uname -a
$ uname -mrs

This will identify your kernel version. For example:

Linux 3.13.0-74-generic x86_64

Step Two:

Once you’ve identified your current kernel, your next step is to apply the patch. The patch will differ depending upon your kernel version. Upon patching, you’ll need to reboot your server. Here are the steps you need to take.

If you’re running Debian or Ubuntu Linux:

$ sudo apt-get update && sudo apt-get upgrade

Then, reboot your server:

$ sudo reboot

If you’re on RHEL/CentOS Linux:

$ sudo yum update
$ sudo reboot

If you’re on SUSE Enterprise Linux or openSUSE Linux and want to apply all needed patches:

# zypper patch
# reboot

Alternatively, here is version-specific info for SUSE Enterprise Linux or openSUSE Linux:

SUSE Linux Enterprise Workstation Extension 12-SP1

# zypper in -t patch SUSE-SLE-WE-12-SP1-2016-124=1

SUSE Linux Enterprise Software Development Kit 12-SP1

# zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-124=1

SUSE Linux Enterprise Server 12-SP1

# zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-124=1

SUSE Linux Enterprise Module for Public Cloud 12

# zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2016-124=1

SUSE Linux Enterprise Live Patching 12

# zypper in -t patch SUSE-SLE-Live-Patching-12-2016-124=1

SUSE Linux Enterprise Desktop 12-SP1

# zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-124=1

To bring your system up-to-date, run:

# zypper patch && reboot

Step Three:

To ensure that your version number changed and your server has been patched, run:

$ uname -a
$ uname -r
$ uname -mrs

These commands will confirm the version of the kernel your system is running. The following is a list of kernel versions in which the bug is fixed:

  • Ubuntu Linux 14.04 LTS : 3.13.0-76 (package version 3.13.0-76.120)
  • Debian Linux 8.x : 3.16.0-4 (package version 3.16.7-ckt20-1+deb8u3)
  • SUSE Linux Enterprise Server 12 SP1 : 3.12.51-60.25.1
  • RHEL 7 : 3.10.0-327.4.4.el7.x86_64
  • CentOS 7 : Same as RHEL 7
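The Step Three check can be scripted so that a host still running the old kernel, for example one that was upgraded but not yet rebooted, is flagged. The shell functions below are an added example, not part of the original post; they cover only the Ubuntu 14.04 and RHEL/CentOS 7 entries from the list above, and the distro keys, function names and exit codes are assumptions made for the example.

```shell
#!/bin/sh
# Added example. Distro keys, function names and exit codes are assumptions
# made for this example; the fixed versions come from the list above.

# Print the fixed kernel release for a distro key.
fixed_release_for() {
    case "$1" in
        ubuntu14.04)   echo "3.13.0-76" ;;
        rhel7|centos7) echo "3.10.0-327.4.4" ;;
        *)             return 1 ;;
    esac
}

# Keep only the leading numeric part of a release string, space-separated:
# "3.10.0-327.el7.x86_64" -> "3 10 0 327", "3.13.0-74-generic" -> "3 13 0 74"
numeric_fields() {
    printf '%s\n' "$1" |
        sed -e 's/[^0-9.-].*$//' -e 's/[.-]*$//' -e 's/[.-]/ /g'
}

# kernel_is_fixed DISTRO RELEASE
# Exit 0: RELEASE is at or above the fixed release. 1: older, still affected.
# 2: DISTRO not in the table. 3: different base version (first three fields),
# so the table cannot decide.
kernel_is_fixed() {
    fixed=$(fixed_release_for "$1") || return 2
    awk -v run="$(numeric_fields "$2")" -v fix="$(numeric_fields "$fixed")" '
    BEGIN {
        n = split(fix, f, " "); split(run, r, " ")
        for (i = 1; i <= 3; i++)
            if (r[i] + 0 != f[i] + 0) exit 3
        for (i = 4; i <= n; i++) {      # numeric compare: 10 > 4, not "10" < "4"
            if (r[i] + 0 > f[i] + 0) exit 0
            if (r[i] + 0 < f[i] + 0) exit 1   # a missing field counts as 0
        }
        exit 0
    }'
}

# Constructed samples; the first is the Step One example output.
for sample in "ubuntu14.04 3.13.0-74-generic" "rhel7 3.10.0-327.4.4.el7.x86_64"; do
    set -- $sample
    rc=0; kernel_is_fixed "$1" "$2" || rc=$?
    echo "$1 $2 -> exit $rc"
done
# On a real host: kernel_is_fixed ubuntu14.04 "$(uname -r)"
```

Exit code 3 is deliberate: a release from a different kernel series is reported as undecided rather than as fixed, since the list above gives no fixed version for it.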

If you have any questions about the vulnerability or how to patch your server, don’t hesitate to contact Codero support. We are always at your service.
