Red Hat Security Advisory https://rhn.redhat.com/errata/RHSA-2016-2098.html

October 24, 2016
Security CentOS

I received a Red Hat Security Advisory https://rhn.redhat.com/errata/RHSA-2016-2098.html pertaining to a race condition that was found in the way the Linux kernel's memory subsystem handled copy-on-write. Although this is a local user exploit, it raises the question: what is the turnaround time in which DigitalOcean will make a kernel available to us when these exploit notifications are released?

1 Answer

As far as I know, you are able to upgrade the kernel to a newer one which has it fixed. Even on DigitalOcean.

On the day COW was disclosed, DigitalOcean published a tutorial with the steps needed to protect your Droplet. You can read it in How To Protect Your Server Against the Dirty COW Linux Vulnerability. It has steps for both Ubuntu/Debian and CentOS.

I hope this is what you meant; sorry if I misunderstood the question.

On October 21, 2016, a privilege escalation vulnerability in the Linux kernel was disclosed. The bug is nicknamed Dirty COW because the underlying issue was a race condition in the way the kernel handles copy-on-write (COW). Exploiting this bug means that a regular, unprivileged user on your server can gain write access to any file they can read, and can therefore increase their privileges on the system. This tutorial explains how to protect your server from this vulnerability.
  • Yes, I have tried this but cannot get a branded kernel to work with iptables on your platform. When will DigitalOcean have a kernel available for CentOS 7 to rectify this?

    • DigitalOcean lets you manage the kernel how you want. You should be able to install any version you want.

      Keep in mind that if your Droplet is older, you need to update to an internally managed kernel and then use the method in the above article to update.
      Learn more about it in the tutorial.

      For problems with iptables, or for any further instructions feel free to ask here or contact support.

      by Adam LaGreca
      Updating the kernel on your DigitalOcean Droplet is a straightforward process that differs slightly based on the Droplet's operating system. In this guide, we'll walk you through the process of updating your kernels for DigitalOcean Droplets.