Question

Red Hat Security Advisory https://rhn.redhat.com/errata/RHSA-2016-2098.html

Posted October 24, 2016 1.7k views
CentOS Security

I received a Red Hat Security Advisory https://rhn.redhat.com/errata/RHSA-2016-2098.html pertaining to a race condition that was found in the way the Linux kernel’s memory subsystem
handled the copy-on-write. Although this is a local user exploit it draws up the question, what is the turn-a-round time Digital Ocean will provide a kernel available to us when these exploit notifications are released?

Add a comment
C8072e51a670d5bd03c6852f6787e1b6cb51987c
By:
Johnnierock
Add a comment

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

1 answer
xMudrii October 24, 2016

As far as I know, you are able to upgrade kernel to newer one which have it fixed. Even on DigitalOcean.

On day COW was disclosured, DigitalOcean published tutorial with steps needed to protect your Droplet. You can read it in How To Protect Your Server Against the Dirty COW Linux Vulnerability. It have steps for both Ubuntu/Debian and CentOS.

I hope you meant on this, sorry if I misunderstood the question

How To Protect Your Server Against the Dirty COW Linux Vulnerability
by Hazel Virdó
On October 21, 2016, a privilege escalation vulnerability in the Linux kernel was disclosed. The bug is nicknamed Dirty COW because the underlying issue was a race condition in the way kernel handles copy-on-write (COW). Exploiting this bug means that a regular, unprivileged user on your server can gain write access to any file they can read, and can therefore increase their privileges on the system. This tutorial explains how to protect your server from this vulnerability.
Reply Report
  • Johnnierock October 31, 2016

    Yes I have tried this but cannot get a branded kernel to work with IP tables on your platform. When will Digital Ocean have a kernel available for Centos 7 to rectify this?

    Reply Report
    • xMudrii October 31, 2016

      DigitalOcean let’s you manage kernel how you want. You should be to install any version you want.

      Keep in mind that if your Droplet is older you need to update to internally managed kernel and then use method in above article to update.
      Learn more about it in tutorial.

      For problems with iptables, or for any further instructions feel free to ask here or contact support.

      Reply Report
Submit an Answer

Related

Looking for something else?

Ask a new question Search for more help