我们已经发布了五个新内核,它们包含了对最近公布的Linux内核本地权限升级漏洞(CVE-2009-2692)的修复。 以下内核不存在漏洞:
2.6.18.8-linode19 (最新2.6稳定版)
2.6.30.5-linode20
2.6.18.8-x86_64-linode7 (最新 2.6 稳定版 - x86_64)
2.6.30.5-x86_64-linode8
2.6.23.17-linode44 (用于 UML)
请在你的Linode中检查 "uname -r "的输出。 如果你没有运行上述内核之一(或更高版本),那么你的Linode可能存在漏洞。 在这种情况下,我们强烈建议你在你的Linode的配置文件中选择 "最新的2.6稳定版"(或你选择的非脆弱内核),并重新启动Linode以获得改变。 在重启后再次运行 "uname -r "来验证你是否获得了新的内核。
存在漏洞,影响到2.6.30.4以下所有版本的Linux内核,允许一个正常的本地用户获得root权限。 在我们的测试中,我们有不同的结果,但这个漏洞在我们的几个内核上肯定是有效的,没有修改。 我们强烈建议你确保你正在运行上面列出的内核之一(或更高)。 我们还维护了这个可用内核的列表。
评论 (12)
Thanks for the update. Was wondering when this was going to come out. I was scared for a few days.
The 2.6.18.8 series kernels we released last Friday night, but wanted to wait for 2.6.30.5 before making the announcement.
Nice, thanks for the update.
How do I upgrade to the latest kernel if I’m on an old version?
To upgrade, simply reboot, then verify it again with: uname -r
Thanks for informing us about that on your blog.
I love your service. 🙂
Have a good day.
Davide.
Mine says “2.6.18.8-linode16”.
Would you say this requires update?
Thanks!
Is 2.6.18.8-linode16 or later in the list above? No. So you’re vulnerable.
Thank you for your continued updates. This is very much appreciated and certainly why Linode LLC is the right choice for our services. Keep up the fantastic support work.
Thanks for the great work! Is this kernel’s source available? I see many kernel sources here: https://www.linode.com/src/ but not 2.6.23.17-linode44.
I was hoping to get the right headers so I can compile kernel modules on my Linodes!
@Casey – that’s a UML kernel, which doesn’t support modules in our environment. If you need modules, submit a ticket and we’ll migrate your Linode to a Xen host.
Thanks for the advice! I rarely need to build kernel modules, but it would be nice and I doubt I’d notice the UML/Xen switch otherwise.