We’ve released five new kernels which contain the fix for the recently announced Linux kernel local privilege escalation vulnerability (CVE-2009-2692). The following kernels are NOT vulnerable:
184.108.40.206-linode19 (Latest 2.6 Stable)
220.127.116.11-x86_64-linode7 (Latest 2.6 Stable – x86_64)
18.104.22.168-linode44 (for UML)
Please check the output of “uname -r” from within your Linode. If you’re not running one of the kernels above (or later) then your Linode may be vulnerable. In that case, we strongly recommend you choose “Latest 2.6 Stable” (or the non-vulnerable kernel of your choice) in your Linode’s Configuration Profile and reboot the Linode to acquire the change. Verify you picked up the new kernel by running “uname -r” again after rebooting.
Exploits exist, affecting all versions of the Linux kernel up to and including 22.214.171.124, that allow a normal local user to gain root privileges. We had mixed results in our testing, but the exploit definitely worked without modification on a couple of our kernels. We strongly recommend you make sure you’re running one of the kernels listed above (or later). We also maintain this list of available kernels.