Friday, January 22, 2016

Security Notification: Linux kernel vulnerability (CVE-2016-0728)


UPDATE: January 22, 2016


As of this posting, all affected Bitnami virtual machines and cloud images have been patched for Linux kernel vulnerability CVE-2016-0728. This includes all downloadable virtual machines as as well as Bitnami images on Amazon AWS, Bitnami Cloud Hosting, Centurylink, Digital Ocean, Google Cloud Platform, Microsoft Azure, Oracle Cloud Platform, and VMware vCloud Air public clouds.

For instructions on how to patch currently running systems, please see below.

------------------------------------

A new security vulnerability in the linux kernel has been discovered. You can find out more information about it in this link.

Any Bitnami-packaged image that was launched before January 20th, 2016 could be vulnerable if it has the version 3.8 of the kernel or later.


We believe it is of the utmost importance to quickly address any security issues in applications distributed by Bitnami and our team is working to update all of the affected Virtual Machines and Cloud Images available through Bitnami for all Cloud Providers.


Please take a moment to check if your image is vulnerable by following the instructions in our wiki:


https://wiki.bitnami.com/security/2016-01-20_LINUX_KERNEL_VULNERABILITY_(CVE-2016-0728)


You can update the version of the kernel running the following commands (you must run the command specific to your distribution):

  • Ubuntu 
sudo apt-get update && sudo apt-get dist-upgrade

You'll have the fixed version of the kernel after rebooting your server: 3.13.0-76-generic


  • Debian 
sudo apt-get update && sudo apt-get dist-upgrade

You'll have the fixed version of the kernel after rebooting your server: 3.16.7-ckt20-1

  • Oracle Linux 
sudo yum update
sudo yum upgrade

You'll have the fixed version of the kernel after rebooting your server: 3.8.13-118.2.5.el6uek.x86_64


  • Amazon Linux 
sudo yum clean all
sudo yum update kernel

You'll have the fixed version of the kernel after rebooting your server: 4.1.13-19.31.amzn1.x86_64
  • RedHat Linux. The version Red Hat 6.6 is not affected by this issue.

If you have any questions about this process, please post to our community support forum and we will be happy to help!

No comments:

Post a Comment

Please use our community forum if you have any questions community.bitnami.com