rssLink RSS for all categories
 
icon_red
icon_green
icon_red
icon_red
icon_blue
icon_green
icon_green
icon_red
icon_red
icon_red
icon_orange
icon_green
icon_green
icon_green
icon_green
icon_blue
icon_red
icon_orange
icon_red
icon_red
icon_red
icon_red
icon_green
icon_red
icon_red
icon_red
icon_red
icon_orange
icon_green
 

FS#11958 — FS#16257 — new kernel images (CVE-2016-0728)

Attached to Project— Distributions/OS
Maintenance
Linux
Planned
0%
A vulnerability in the Linux kernel has been discovered that possibly affects all kernels since version 3.8.

Regarding the OVH Kernel:

- It wasn't possible to prove that the OVH kernel is either affected or not affected by this issue, as a consequence we recompiled the current production kernel (3.14.32) with the patch fixing this issue.
- The updated kernel images are available here: ftp://ftp.ovh.net/made-in-ovh/bzImage/latest-production/
- Netboot and installation images are updated accordingly.

Regarding distribution kernels:
- Debian: Wheezy (7) and Squeeze (6) are not affected. Jessie (and kernels from the jessie-backports repository) are affected, updates are available.
- Ubuntu: updates are available for the affected versions (14.04 "Trusty", 15.04 "Vivid", 15.10 "Wily")
- CentOS: only CentOS 7 is affected, updated kernels are available.
- ArchLinux: updates to 4.3.3-3 and 4.4-4 are available (https://bugs.archlinux.org/task/47820)
- Fedora: (no information as of now)
- Gentoo: updates are available (sys-kernel/gentoo-sources/gentoo-sources-4.1.15-r1)
- Proxmox VE: vulnerable, no update available as of now

Some links with further reading regarding CVE-2016-0728:
https://access.redhat.com/articles/2131021
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-0728
http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728