Page 1 of 1

Kernel Update For CENTOS5 Againts Dirty COW

Posted: 2016/10/27 13:11:17
by Hirbodco
Hello,

I Updated My Kernel Server ( CENTOS 5 ) To : 2.6.18-412.el5.centos.plus ( Latest Kernel via yum -y kernel update )

then i wget https://access.redhat.com/sites/default ... -5195_1.sh and run : bash rh-cve-2016-5195_1.sh

This Text Appear :

Your kernel is 2.6.18-412.el5.centos.plus which IS vulnerable.
Red Hat recommends that you update your kernel. Alternatively, you can apply partial
mitigation described at https://access.redhat.com/security/vuln ... es/2706661 .

how i shoud update kernel to fix Dirty COW BUG ?

Best Regards,

Re: Kernel Update For CENTOS5 Againts Dirty COW

Posted: 2016/10/27 13:18:48
by TrevorH
There are no patches yet for RHEL5/CentOS 5. The status page says that there will be fixed versions but they have not yet been released by RH. You can apply the systemtap mitigation as described in that article or you can just wait until the newer kernels come out.

Re: Kernel Update For CENTOS5 Againts Dirty COW

Posted: 2016/10/28 20:56:02
by avij
An update (2.6.18-416) was released today, so you should get it the next time you run yum update.

Re: Kernel Update For CENTOS5 Againts Dirty COW

Posted: 2017/10/24 05:52:19
by alok
Hi,

Would anyone help me to get the Centos 5.4 & 5.10 32 bit kernel rpm to fix this issue? Thanks !!

Re: Kernel Update For CENTOS5 Againts Dirty COW

Posted: 2017/10/24 10:15:49
by TrevorH
Both 5.4 and 5.10 are old and exploitable. The latest and last CentOS 5 version was 5.11 but it is now completely EOL and there will be no more updates for it, ever. You should be making plans to move to a supported version ASAP. CentOS 5.4 is so old that it's positively dangerous and needs updating ASAP.

All CentOS 5 content has been removed from the mirrors and moved to vault.centos.org. You can edit your /etc/yum.repos.d/CentOS-Base.repo file and comment the mirrorlist= line and adjust the baseurl= parameter to point to the 5.11 directory on the vault to get as far up to date as is possible (gets you to March 2017). There have been several high severity vulnerabilities fixed in CentOS 6 and 7 since CentOS 5 went EOL so you will still not be up to date but it's as good as you can get for the moment. Once that's done, you need to start your migration to a supported version. I'd recommend skipping CentOS 6 entirely as that has already gone into "production phase 3" upstream at Redhat which means that only critical severity security issues will be patched. It goes EOL in 2020.