Resolved Dirty COW (CVE-2016-5195)

[SCRINF]

Hi to all
need to update my Centos 7 because:

bash rh-cve-2016-5195_1.sh
[1;31mYour kernel is [0m3.10.0-327.36.2.el7.x86_64[1;31m which IS vulnerable.[0m
Red Hat recommends that you update your kernel. Alternatively, you can apply partial
mitigation described at https://access.redhat.com/security/vulnerabilities/2706661 .

but Plesk indicates not update the kernel in yum update:

"for yum, add to /etc/yum.conf:

exclude=kernel* sendmail bind-chroot caching-nameserver"

Any help please.

Thanks.

 

[IgorG]

By default there is no any excludes from Plesk side. Must probably this exclude was added to your yum.conf according to article https://kb.plesk.com/en/234
So, I think that you can upgrade kernel.

 

[SCRINF]

Hi Igor
my VPS is automatic update from my provider and is on 120.3
2.6.32-042stab120.3 #1 SMP Thu Oct 20 18:18:21 MSK 2016 x86_64 x86_64 x86_64 GNU/Linux

other private server no VPS is update to:
10.0-327.36.2.el7.x86_64 but there is not solve cve-2016-5195 i think need update to 36.3

Thanks for your support.

 

[SCRINF]

Hi
im happy now:

Your kernel is [0m3.10.0-327.36.3.el7.x86_64[1;32m which is NOT vulnerable.

and Plesk run good... for the moment.

Thanks.

 

[pegasx]

By default there is no any excludes from Plesk side. Must probably this exclude was added to your yum.conf according to article https://kb.plesk.com/en/234
So, I think that you can upgrade kernel.

@IgorG Does this mean exclude=kernel* sendmail bind-chroot caching-nameserver" line can be removed from Centos 6 - Plesk 12.5 systems also?

 

[IgorG]

@IgorG Does this mean exclude=kernel* sendmail bind-chroot caching-nameserver" line can be removed from Centos 6 - Plesk 12.5 systems also?

Yes, you can remove kernel* at least.