All the affected cloud images and virtual machines have been successfully patched.
[2016-10-24]
The Bitnami Team is happy to announce that our images on Google, Azure, AWS Marketplace and regular images have been properly updated. Additionally, we will continue to work on releasing the images for our all of our cloud platform partners and virtual machines.
----
A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.
This could be abused by an attacker to modify existing setuid files with instructions to elevate privileges.
We believe it is of the utmost importance to quickly address any security issues in applications distributed by Bitnami and our team is working to update all of the affected Virtual Machines and Cloud Images available through Bitnami for all Cloud Providers.
Once the new kernel is available, you can update it by running the following commands (you must run the command specific to your distribution):
- Ubuntu / Debian
sudo apt-get update && sudo apt-get dist-upgrade
You will have the fixed version of the kernel after rebooting your server.
- Oracle Linux, Red Hat, CentOS and Amazon Linux
sudo yum update
You will have the fixed version of the kernel after rebooting your server.
If you have any questions about this process, please post to our community support forum and we will be happy to help!