Wednesday, February 22, 2017

Security notification: DCCP double-free kernel vulnerability (CVE-2017-6074)


[UPDATE 2017-02-28]


Updated blog post with the steps to update CentOS and Oracle Linux kernels

----

[UPDATE 2017-02-23]

Updated blog post with the steps to update Debian and RedHat kernels

----

A new security vulnerability in the Linux kernel has been discovered. You can find more information about this vulnerability in the following research report: "DCCP double-free vulnerability".

Even though the affected Linux kernel code was implemented before 2006, the vulnerability is not remotely exploitable. Therefore, you can continue using any of the Bitnami Cloud Images or Virtual Machines without being affected. Our containers offering is also not affected by this security vulnerability.

At the time of this post, a patched kernel has only been released for Ubuntu. We will update this blog post as kernel patches for other distributions become available. You can update your kernel by running the command for your distribution:

Ubuntu 


sudo apt-get update && sudo apt-get dist-upgrade 

You will have the fixed version of the kernel after rebooting your server. Running `uname -a` will show output similar to this:

Linux ip-172-31-32-244 3.13.0-110-generic #157-Ubuntu SMP Mon Feb 20 11:54:05 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

Debian


sudo apt-get update && sudo apt-get dist-upgrade 

You will have the fixed version of the kernel after rebooting your server. Running `uname -a` will show output similar to this:

Linux bitnami-wordpress-dm-1d22 3.16.0-4-amd64 #1 SMP Debian 3.16.39-1+deb8u1 (2017-02-22) x86_64 GNU/Linux

RedHat


sudo yum update 

You will have the fixed version of the kernel after rebooting your server. Running `uname -a` will show output similar to this:

Linux ip-10-99-173-165.ec2.internal 3.10.0-514.6.2.el7.x86_64 #1 SMP Fri Feb 17 19:21:31 EST 2017 x86_64 x86_64 x86_64 GNU/Linux

CentOS


sudo yum update 

You will have the fixed version of the kernel after rebooting your server. Running `uname -a` will show output similar to this:

Linux localhost.localdomain 3.10.0-514.6.2.el7.x86_64 #1 SMP Thu Feb 23 03:04:39 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

Oracle Linux


sudo yum update 

You will have the fixed version of the kernel after rebooting your server. Running `uname -a` will show output similar to this:

Linux bitnami-wordpress-0 4.1.12-61.1.28.el6uek.x86_64 #2 SMP Thu Feb 23 20:03:53 PST 2017 x86_64 x86_64 x86_64 GNU/Linux
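
One way to script the post-reboot check described above, as an added example (not Bitnami's code): it compares a `uname -a` line with the kernel build this post shows for each distribution. The function names and the lowercase distribution keys are assumptions, and the comparison relies on GNU `sort -V`.

```shell
#!/bin/sh
# Added example, not Bitnami's code. Baselines are the builds shown in this
# post's sample `uname -a` output and only apply within the same kernel series.

# version_ge A B: succeeds when A sorts at or after B (GNU `sort -V` ordering).
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
}

# baseline_for DISTRO: print the build the post shows for that distribution.
baseline_for() {
    case "$1" in
        ubuntu)        echo "3.13.0-110-generic" ;;
        debian)        echo "3.16.39-1+deb8u1" ;;  # package version, see kernel_id
        redhat|centos) echo "3.10.0-514.6.2.el7.x86_64" ;;
        oracle)        echo "4.1.12-61.1.28.el6uek.x86_64" ;;
        *)             return 1 ;;
    esac
}

# kernel_id DISTRO UNAME_LINE: print the part of `uname -a` worth comparing.
kernel_id() {
    if [ "$1" = debian ]; then
        # The Debian release string (3.16.0-4-amd64) names the ABI and can stay
        # the same across updates, so take the package version after "Debian".
        printf '%s\n' "$2" |
            awk '{ for (i = 1; i < NF; i++) if ($i == "Debian") { print $(i + 1); exit } }'
    else
        printf '%s\n' "$2" | awk '{ print $3 }'   # third field is the release
    fi
}

# check_kernel DISTRO [UNAME_LINE]
# returns 0 = at or above the post's build, 1 = older, 2 = cannot tell
check_kernel() {
    base=$(baseline_for "$1") || return 2
    id=$(kernel_id "$1" "${2:-$(uname -a)}")
    [ -n "$id" ] || return 2
    version_ge "$id" "$base" || return 1
}

# Constructed sample line: an Ubuntu build older than the one in the post.
sample='Linux host 3.13.0-100-generic #147-Ubuntu SMP (constructed) x86_64 GNU/Linux'
check_kernel ubuntu "$sample" || echo "older than the post's build: update and reboot"
```

Calling `check_kernel debian` with no second argument checks the running system. A return code of 1 after `apt-get dist-upgrade` or `yum update` usually means the server has not been rebooted into the new kernel yet.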

If you have any questions about this process, please post to our community support forum and we will be happy to help!