Thursday, October 20, 2016

Dirty COW (CVE-2016-5195): Privilege escalation vulnerability in the Linux Kernel

[2016-10-26]

All the affected cloud images and virtual machines have been successfully patched.

If you are using a Bitnami Cloud Hosting instance, you can easily patch it by following the guide below while we upgrade the base images.

[2016-10-24]

The Bitnami Team is happy to announce that our images on Google, Azure, AWS Marketplace and regular images have been properly updated. Additionally, we will continue to work on releasing the images for our all of our cloud platform partners and virtual machines.

----

A new security vulnerability in the linux kernel has been discovered. You can find out more information about it in the following research report.

A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.

This could be abused by an attacker to modify existing setuid files with instructions to elevate privileges.

We believe it is of the utmost importance to quickly address any security issues in applications distributed by Bitnami and our team is working to update all of the affected Virtual Machines and Cloud Images available through Bitnami for all Cloud Providers.

Once the new kernel is available, you can update it by running the following commands (you must run the command specific to your distribution):

  • Ubuntu / Debian
sudo apt-get update && sudo apt-get dist-upgrade 

You will have the fixed version of the kernel after rebooting your server.

  • Oracle Linux, Red Hat, CentOS and Amazon Linux
sudo yum update 

You will have the fixed version of the kernel after rebooting your server.

If you have any questions about this process, please post to our community support forum and we will be happy to help!