Dirty COW exploit patch

[mghe]

https://rhn.redhat.com/errata/RHSA-2016-2098.html

[enjinn]

Now that Red Hat has patched for Dirty Cow how long does the typically take to flow through CentOS before we get the updated kernel?

[TrevorH]

It's already there. Run yum update and you should see kernel-3.10.0-327.36.3.el7 and if not, run yum clean all and then try again.

[enjinn]

It's already there. Run yum update and you should see kernel-3.10.0-327.36.3.el7 and if not, run yum clean all and then try again.

that did it, thank you

[kweslowski]

after I do a yum clean all and then a yum -v info kernel it doesn't show the latest kernel update:

Code: Select all

Available Packages
Name        : kernel
Arch        : x86_64
Version     : 3.10.0
Release     : 327.36.2.el7
Size        : 33 M
Repo        : updates/7/x86_64
Committer   : CentOS Sources <bugs@centos.org>
Committime  : Mon Oct 10 06:00:00 2016
Buildtime   : Mon Oct 10 17:53:54 2016
Summary     : The Linux kernel
URL         : http://www.kernel.org/
License     : GPLv2
Description : The kernel package contains the Linux kernel (vmlinuz), the core of any
            : Linux operating system.  The kernel handles the basic functions
            : of the operating system: memory allocation, process allocation, device
            : input and output, etc.

What should I do to get the kernel update that resolves this vulnerability?

[avij]

Have you hardcoded some specific mirror with baseurl= in your /etc/yum.repos.d/CentOS-Base.repo file (updates section), or do you use the default mirrorlist=http://mirrorlist.centos.org/... configuration?

Perhaps the mirror where you get your updates hasn't synced the new files yet. There is a timestamp.txt file in the mirror's root directory which shows the latest time the data was synced.

Also make sure your updates repository is enabled. Some people disable it for some bizarre reason. You can check that with yum repolist.

[kweslowski]

Thanks, I've checked everything that you recommended...here's the results:


from my CentOS-Base.repo file:

Code: Select all

#released updates
[updates]
name=CentOS-$releasever - Updates
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

my mirror's timestamp shows that it was updated recently: http://muug.ca/mirror/centos/timestamp.txt


yum -v repolist shows this:

Code: Select all

Repo-id      : updates/7/x86_64
Repo-name    : CentOS-7 - Updates
Repo-revision: 1477086195
Repo-updated : Fri Oct 21 15:48:38 2016
Repo-pkgs    : 2,548
Repo-size    : 7.3 G
Repo-mirrors : http://mirrorlist.centos.org/?release=7&arch=x86_64&repo=updates&infra=stock
Repo-baseurl : http://muug.ca/mirror/centos/7.2.1511/updates/x86_64/ (9 more)
Repo-expire  : 21,600 second(s) (last: Tue Oct 25 15:30:16 2016)
Repo-filename: /etc/yum.repos.d/CentOS-Base.repo

According to repo-expire, it should have picked up the latest kernel update since the timestamp on the kernel update was this morning.

Any ideas?

[avij]

Yes, that mirror seems to be OK. Perhaps it's time to use a bigger hammer.. Try rm -rf /var/cache/yum/x86_64/7/updates

[kweslowski]

ran it...still no change:

yum -v info kernel

Code: Select all

Loading "fastestmirror" plugin
Config time: 0.017
Yum version: 3.4.3
rpmdb time: 0.000
Setting up Package Sacks
updates                                                                                          | 3.4 kB  00:00:00
updates/7/x86_64/primary_db                                                                      | 8.4 MB  00:00:02
Loading mirror speeds from cached hostfile
 * base: centos.mirror.iweb.ca
 * extras: muug.ca
 * updates: muug.ca
pkgsack time: 6.245

...

Available Packages
Name        : kernel
Arch        : x86_64
Version     : 3.10.0
Release     : 327.36.2.el7
Size        : 33 M
Repo        : updates/7/x86_64
updates/7/x86_64/other_db                                                                        |  73 MB  00:00:30
Committer   : CentOS Sources <bugs@centos.org>
Committime  : Mon Oct 10 06:00:00 2016
Buildtime   : Mon Oct 10 17:53:54 2016
Summary     : The Linux kernel
URL         : http://www.kernel.org/
License     : GPLv2
Description : The kernel package contains the Linux kernel (vmlinuz), the core of any
            : Linux operating system.  The kernel handles the basic functions
            : of the operating system: memory allocation, process allocation, device
            : input and output, etc.

[TrevorH]

What does rpm -q kernel say?