Vulnerability (CVE-2017-2636) has been discovered in the Linux kernel
Posted by Nicky Longden on 14 March 2017 06:45 PM

A vulnerability (CVE-2017-2636) has been discovered in the Linux kernel which allows unprivileged local users to escalate their privileges. Combined with a remote code execution vulnerability, such as a vulnerability in a web application, this could potentially allow a remote attacker to take over the system. More technical details can be found at http://www.openwall.com/lists/oss-security/2017/03/07/6.

The vulnerability affects all recent versions of CentOS, Debian and Ubuntu, with the exception of CentOS 5. Fixes are already available for all currently supported releases of Debian and Ubuntu. When fixes are released for CentOS, this will be announced on the CentOS-announce mailing list (https://lists.centos.org/mailman/listinfo/centos-announce).

We have already updated servers for our managed customers running Debian and Ubuntu, and will have been in touch to schedule reboots (as this is a kernel update, you are still vulnerable until you have rebooted). We will update managed CentOS servers as and when a fix is released.

Please note that users of distributions that have reached the end of their support life (CentOS 4 and earlier, Debian 6 and earlier, any Ubuntu releases other than 12.04, 14.04, 16.04 and 16.10) are highly likely to be affected, but will not receive any security updates. We strongly recommend that users of such distributions contact us to discuss upgrade options as a matter of urgency. Please contact our sales team on 0800 1 777 000 if you would like to discuss your options.