UCloud-201612-002: Linux kernel privilege escalation vulnerability security alert


Dear UCloud users: A high-risk race condition vulnerability has been confirmed in the Linux kernel. Exploiting it allows a low-privileged process to execute kernel code, and the impact is serious. Please check whether the kernel you are using is in the affected range and upgrade promptly.

**Scope of impact**

- CentOS 5 and 6: not affected
- CentOS 7: not affected by default (affected once namespaces are enabled)
- Ubuntu 12.04 and 14.04: affected
- Debian 7 and 8: affected

**Solution**

Please back up your data first, in case something goes wrong after the kernel is patched.

1. Compile the fix yourself. The patch code can be downloaded from: http://t.cn/RI7nIH3

2. Download the update through the package manager. A reboot is required after the update for it to take effect:

1) CentOS 7: no official fix package has been released yet.

2) Ubuntu:

    sudo apt-get update
    sudo apt-get install linux-image-generic
    sudo reboot

Run `uname -a` to view the system version. If it shows the following, the upgrade succeeded:

- Ubuntu 14.04: 3.13.0-105.152
- Ubuntu 12.04: 3.2.0-118.161

3) Debian: no official update package has been published yet.

**Vulnerability details**

CVE-2016-8655: a race condition in the Linux kernel (net/packet/af_packet.c) can allow a low-privileged process to gain kernel code execution. The vulnerability has been present since as early as 2011 (v3.2-rc1) and was fixed in November 2016 in v4.9-rc8.

PoC: https://www.exploit-db.com/exploits/40871/
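An added example, not part of the original advisory: a shell check that rebuilds the Ubuntu kernel package version from `uname -r` and `uname -v` output and compares it numerically with the fixed versions listed above. The function names are hypothetical, and a kernel from a different series than the fixed one is reported as `unknown` rather than guessed at.

```shell
#!/bin/sh
# Added example, not from the advisory; function names are hypothetical.

# Fixed kernel package version for an Ubuntu release, as listed in the advisory.
fixed_version() {
    case "$1" in
        14.04) echo "3.13.0-105.152" ;;
        12.04) echo "3.2.0-118.161" ;;
        *)     return 1 ;;
    esac
}

# Rebuild the package version ("3.13.0-105.152") from `uname -r`
# ("3.13.0-105-generic") and `uname -v` ("#152-Ubuntu SMP ...").
package_version() {
    local rel="$1" ver="$2" base abi upload
    case "$rel" in *-*) ;; *) return 1 ;; esac
    base="${rel%%-*}"
    abi="${rel#*-}"; abi="${abi%%-*}"
    upload="${ver#\#}"; upload="${upload%%[!0-9]*}"
    [ -n "$abi" ] && [ -n "$upload" ] || return 1
    echo "${base}-${abi}.${upload}"
}

# Succeed if version $1 >= version $2. Fields are compared as numbers,
# so ABI 99 sorts below 118 (a plain string comparison would not).
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, /[-.]/); m = split(b, y, /[-.]/)
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# Print patched / needs-upgrade / unknown for a release and its uname strings.
check_kernel() {
    local fixed running
    fixed="$(fixed_version "$1")" || { echo "unknown"; return 2; }
    running="$(package_version "$2" "$3")" || { echo "unknown"; return 2; }
    # A different kernel series is not covered by the advisory's list.
    [ "${running%%-*}" = "${fixed%%-*}" ] || { echo "unknown"; return 2; }
    if version_ge "$running" "$fixed"; then echo "patched"
    else echo "needs-upgrade"; fi
}

# Live host, after the reboot (uname reports the running kernel, not the installed one):
#   check_kernel "$(lsb_release -rs)" "$(uname -r)" "$(uname -v)"
```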