Dirty COW patch

Support for security such as Firewalls and securing linux
Post Reply
rosede
Posts: 5
Joined: 2014/11/04 16:27:52

Dirty COW patch

Post by rosede » 2017/04/07 12:32:31

Was there ever a Dirty COW patch released for 6.8? If so, where would I get the patch?

Thanks

Daryl

stevemowbray
Posts: 519
Joined: 2012/06/26 14:20:47

Re: Dirty COW patch

Post by stevemowbray » 2017/04/07 14:06:05

Run "yum update" which will get you all the current patches and updates.

MartinR
Posts: 714
Joined: 2015/05/11 07:53:27
Location: UK

Re: Dirty COW patch

Post by MartinR » 2017/04/07 14:19:58

NB and also update you from 6.8 to 6.9.

CaViCcHi
Posts: 68
Joined: 2012/04/18 17:03:15
Contact:

Re: Dirty COW patch

Post by CaViCcHi » 2017/05/25 05:12:06

I think the patch came with kernel > 2.6.32.642 ?

so if you're running that or higher you're cool, otherwise yes

yum update kernel

ccbamatx
Posts: 1
Joined: 2019/01/09 23:18:26

Re: Dirty COW patch

Post by ccbamatx » 2019/01/09 23:25:18

I just got dirty cow'd with firefart... apparently the pokemon exploit of the dirtycow vulnerability.

Problem is, I am running on Centos 6.10 (Final).

Everything I have read suggests that there is no further upgrade path on Centos 6.

Will upgrading to Centos 7 patch this vulnerability?

https://github.com/FireFart/dirtycow/bl ... er/dirty.c

User avatar
TrevorH
Site Admin
Posts: 33191
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Dirty COW patch

Post by TrevorH » 2019/01/09 23:35:28

It's already fixed and has been since
* Mon Oct 24 2016 Phillip Lougher <plougher@redhat.com> [2.6.32-665.el6]
- [mm] close FOLL MAP_PRIVATE race (Larry Woodman) [1385117] {CVE-2016-5195}
https://access.redhat.com/security/cve/cve-2016-5195
https://access.redhat.com/errata/RHSA-2016:2105 says it was fixed in kernel-2.6.32-642.6.2.el6.x86_64.rpm

The current CentOS 6 kernel is kernel-2.6.32-754.9.1.el6.x86_64 and that output is from rpm -q --changelog. What does uname -r say on the affected server? If it's less than 2.6.32-642.6.2 then it would have been vulnerable. If not then it wasn't.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

Post Reply