Dirty COW exploit patch

Support for security such as Firewalls and securing linux
mghe
Posts: 757
Joined: 2015/11/24 12:04:43
Location: Katowice, Poland

Re: Dirty COW exploit patch

Post by mghe » 2016/10/24 16:46:33


enjinn
Posts: 8
Joined: 2016/10/25 18:16:52

Re: Dirty COW exploit patch

Post by enjinn » 2016/10/25 18:20:21

Now that Red Hat has patched for Dirty Cow how long does the typically take to flow through CentOS before we get the updated kernel?

User avatar
TrevorH
Forum Moderator
Posts: 29171
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Dirty COW exploit patch

Post by TrevorH » 2016/10/25 18:22:25

It's already there. Run yum update and you should see kernel-3.10.0-327.36.3.el7 and if not, run yum clean all and then try again.
CentOS 6 will die in November 2020 - migrate sooner rather than later!
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 is dead, do not use it.
Full time Geek, part time moderator. Use the FAQ Luke

enjinn
Posts: 8
Joined: 2016/10/25 18:16:52

Re: Dirty COW exploit patch

Post by enjinn » 2016/10/25 18:27:39

TrevorH wrote:It's already there. Run yum update and you should see kernel-3.10.0-327.36.3.el7 and if not, run yum clean all and then try again.
that did it, thank you

kweslowski
Posts: 6
Joined: 2016/10/24 14:44:05

Re: Dirty COW exploit patch

Post by kweslowski » 2016/10/25 21:43:53

after I do a yum clean all and then a yum -v info kernel it doesn't show the latest kernel update:

Code: Select all

Available Packages
Name        : kernel
Arch        : x86_64
Version     : 3.10.0
Release     : 327.36.2.el7
Size        : 33 M
Repo        : updates/7/x86_64
Committer   : CentOS Sources <bugs@centos.org>
Committime  : Mon Oct 10 06:00:00 2016
Buildtime   : Mon Oct 10 17:53:54 2016
Summary     : The Linux kernel
URL         : http://www.kernel.org/
License     : GPLv2
Description : The kernel package contains the Linux kernel (vmlinuz), the core of any
            : Linux operating system.  The kernel handles the basic functions
            : of the operating system: memory allocation, process allocation, device
            : input and output, etc.
What should I do to get the kernel update that resolves this vulnerability?

User avatar
avij
Retired Moderator
Posts: 3039
Joined: 2010/12/01 19:25:52
Location: Helsinki, Finland
Contact:

Re: Dirty COW exploit patch

Post by avij » 2016/10/25 22:05:58

Have you hardcoded some specific mirror with baseurl= in your /etc/yum.repos.d/CentOS-Base.repo file (updates section), or do you use the default mirrorlist=http://mirrorlist.centos.org/... configuration?

Perhaps the mirror where you get your updates hasn't synced the new files yet. There is a timestamp.txt file in the mirror's root directory which shows the latest time the data was synced.

Also make sure your updates repository is enabled. Some people disable it for some bizarre reason. You can check that with yum repolist.

kweslowski
Posts: 6
Joined: 2016/10/24 14:44:05

Re: Dirty COW exploit patch

Post by kweslowski » 2016/10/25 22:22:18

Thanks, I've checked everything that you recommended...here's the results:


from my CentOS-Base.repo file:

Code: Select all

#released updates
[updates]
name=CentOS-$releasever - Updates
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
my mirror's timestamp shows that it was updated recently: http://muug.ca/mirror/centos/timestamp.txt


yum -v repolist shows this:

Code: Select all

Repo-id      : updates/7/x86_64
Repo-name    : CentOS-7 - Updates
Repo-revision: 1477086195
Repo-updated : Fri Oct 21 15:48:38 2016
Repo-pkgs    : 2,548
Repo-size    : 7.3 G
Repo-mirrors : http://mirrorlist.centos.org/?release=7&arch=x86_64&repo=updates&infra=stock
Repo-baseurl : http://muug.ca/mirror/centos/7.2.1511/updates/x86_64/ (9 more)
Repo-expire  : 21,600 second(s) (last: Tue Oct 25 15:30:16 2016)
Repo-filename: /etc/yum.repos.d/CentOS-Base.repo
According to repo-expire, it should have picked up the latest kernel update since the timestamp on the kernel update was this morning.

Any ideas?

User avatar
avij
Retired Moderator
Posts: 3039
Joined: 2010/12/01 19:25:52
Location: Helsinki, Finland
Contact:

Re: Dirty COW exploit patch

Post by avij » 2016/10/25 22:28:07

Yes, that mirror seems to be OK. Perhaps it's time to use a bigger hammer.. Try rm -rf /var/cache/yum/x86_64/7/updates

kweslowski
Posts: 6
Joined: 2016/10/24 14:44:05

Re: Dirty COW exploit patch

Post by kweslowski » 2016/10/25 22:34:37

ran it...still no change:

yum -v info kernel

Code: Select all

Loading "fastestmirror" plugin
Config time: 0.017
Yum version: 3.4.3
rpmdb time: 0.000
Setting up Package Sacks
updates                                                                                          | 3.4 kB  00:00:00
updates/7/x86_64/primary_db                                                                      | 8.4 MB  00:00:02
Loading mirror speeds from cached hostfile
 * base: centos.mirror.iweb.ca
 * extras: muug.ca
 * updates: muug.ca
pkgsack time: 6.245

...

Available Packages
Name        : kernel
Arch        : x86_64
Version     : 3.10.0
Release     : 327.36.2.el7
Size        : 33 M
Repo        : updates/7/x86_64
updates/7/x86_64/other_db                                                                        |  73 MB  00:00:30
Committer   : CentOS Sources <bugs@centos.org>
Committime  : Mon Oct 10 06:00:00 2016
Buildtime   : Mon Oct 10 17:53:54 2016
Summary     : The Linux kernel
URL         : http://www.kernel.org/
License     : GPLv2
Description : The kernel package contains the Linux kernel (vmlinuz), the core of any
            : Linux operating system.  The kernel handles the basic functions
            : of the operating system: memory allocation, process allocation, device
            : input and output, etc.

User avatar
TrevorH
Forum Moderator
Posts: 29171
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Dirty COW exploit patch

Post by TrevorH » 2016/10/25 23:05:51

What does rpm -q kernel say?
CentOS 6 will die in November 2020 - migrate sooner rather than later!
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 is dead, do not use it.
Full time Geek, part time moderator. Use the FAQ Luke

Post Reply

Return to “CentOS 7 - Security Support”