OVHcloud Bare Metal Cloud Status

Current status
Legend
  • Operational
  • Degraded performance
  • Partial Outage
  • Major Outage
  • Under maintenance
FS#16257 — new kernel images (CVE-2016-0728)
Scheduled Maintenance Report for Bare Metal Cloud
Completed
A vulnerability in the Linux kernel has been discovered that possibly affects all kernels since version 3.8.

Regarding the OVH Kernel:

- It wasn't possible to prove that the OVH kernel is either affected or not affected by this issue, as a consequence we recompiled the current production kernel (3.14.32) with the patch fixing this issue.
- The updated kernel images are available here: ftp://ftp.ovh.net/made-in-ovh/bzImage/latest-production/
- Netboot and installation images are updated accordingly.

Regarding distribution kernels:
- Debian: Wheezy (7) and Squeeze (6) are not affected. Jessie (and kernels from the jessie-backports repository) are affected, updates are available.
- Ubuntu: updates are available for the affected versions (14.04 \"Trusty\", 15.04 \"Vivid\", 15.10 \"Wily\")
- CentOS: only CentOS 7 is affected, updated kernels are available.
- ArchLinux: updates to 4.3.3-3 and 4.4-4 are available (https://bugs.archlinux.org/task/47820)
- Fedora: (no information as of now)
- Gentoo: updates are available (sys-kernel/gentoo-sources/gentoo-sources-4.1.15-r1)
- Proxmox VE: vulnerable, no update available as of now

Some links with further reading regarding CVE-2016-0728:
https://access.redhat.com/articles/2131021
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-0728
http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728
Posted Jan 20, 2016 - 18:51 UTC