Critical kernel update!

Richard G (Verified User, joined Jul 6, 2008, 12,744 messages, Maastricht)
I don't know if you guys read it or not, but since there are several people who do not update their kernels on a regular basis, please read this:

For more than two years, the Linux operating system has contained a high-severity vulnerability that gives untrusted users with restricted accounts nearly unfettered "root" access over machines, including servers running in shared Web hosting facilities and other sensitive environments. Surprisingly, most users remain wide open even now, more than a month after maintainers of the open-source OS quietly released an update that patched the gaping hole.

Read more:
http://arstechnica.com/security/201...ability-imperils-users-even-after-silent-fix/

The flaw affects versions of the Linux kernel from 2.6.37 to 3.8.8 that have been compiled with the CONFIG_PERF_EVENTS kernel configuration option.

There is already an update present via yum if everything is correct.
At least for CentOS 6.
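As an added example (not part of the thread and not any poster's advice), a small POSIX shell script that applies the two conditions quoted above, a kernel version from 2.6.37 through 3.8.8 and CONFIG_PERF_EVENTS set, to the running host. Reading the kernel config from /boot/config-$(uname -r) or /proc/config.gz is an assumption about the host, not something the thread states.

```shell
#!/bin/sh
# Added example, not from the thread: decide whether a kernel build is inside the
# affected range quoted above (2.6.37 through 3.8.8) and whether its config has
# CONFIG_PERF_EVENTS enabled. The config locations /boot/config-$(uname -r) and
# /proc/config.gz are assumptions about the host, not something the thread states.

# "3.8.8-2.el6.x86_64" -> "3 8 8": cut at the first character that is not a digit
# or a dot, split on dots, and pad missing fields with 0.
kernel_triplet() {
    ver=$(printf '%s\n' "$1" | sed 's/[^0-9.].*//')
    set -- $(printf '%s\n' "$ver" | tr '.' ' ')
    printf '%s %s %s\n' "${1:-0}" "${2:-0}" "${3:-0}"
}

# Single integer key so versions compare numerically: major*1000000 + minor*1000 + patch.
version_key() {
    set -- $(kernel_triplet "$1")
    echo $(( $1 * 1000000 + $2 * 1000 + $3 ))
}

# Exit status 0 when the version lies within 2.6.37 .. 3.8.8 inclusive.
in_affected_range() {
    key=$(version_key "$1")
    [ "$key" -ge "$(version_key 2.6.37)" ] && [ "$key" -le "$(version_key 3.8.8)" ]
}

# Exit status 0 when the config text (passed as one string) sets CONFIG_PERF_EVENTS=y.
perf_events_enabled() {
    printf '%s\n' "$1" | grep -q '^CONFIG_PERF_EVENTS=y$'
}

# Prints exactly one of: affected, perf-events-off, outside-range.
assess() {
    if in_affected_range "$1"; then
        if perf_events_enabled "$2"; then echo affected; else echo perf-events-off; fi
    else
        echo outside-range
    fi
}

# Live check against the running kernel. It only prints and returns, never exits,
# so the file can be sourced by other scripts.
check_running_kernel() {
    running=$(uname -r)
    if [ -r "/boot/config-$running" ]; then
        cfg=$(cat "/boot/config-$running")
    elif [ -r /proc/config.gz ]; then
        cfg=$(zcat /proc/config.gz)
    else
        echo "kernel $running: no config found, cannot check CONFIG_PERF_EVENTS"
        return 0
    fi
    echo "kernel $running: $(assess "$running" "$cfg")"
}

check_running_kernel
```

The version range is only a first filter: distribution kernels carry backported code, so a version string outside the upstream range is a reason to read the vendor's advisory, not proof that the host is unaffected. Installing the vendor's update, the yum update mentioned above in the case of CentOS 6, is what actually settles it.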
 
I'm going to update a bunch of servers over the next 24 hours, but this may not be as critical as you might think if your users don't already have some kind of shell access.

Jeff
 
Correct, but a lot of hosters out there still do offer shell access.
And I didn't see the warning here so I thought it might be interesting to several people.

As for our servers, we don't give any customer shell access.
 
We indeed allow cron in DA packages, so I'm glad I always do kernel updates and at this point on all servers only root, admin or diradmin are using cronjobs. The one from diradmin is a backup job from my own account.

Would it be a better/safer idea not to allow cronjobs to users? I thought most hosters still allowed cronjobs.
 
I had already discussed this with my colleague this afternoon after you wrote it, and we decided to disable it for all customers. Nobody was using them anyway.
Thank you for the tip and the confirmation about the safety.
 