content:en_us:announcements_cve_cve-2016-5195

CVE 2016-5195

/** * This is the notes section. CVE documents should ONLY be created by employees of ClearCenter with the authority to make statements on behalf of the company. If you have content that would be useful to the statement, please contact ClearCenter. */

A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.

ClearCenter response

This bug affects all versions of ClearOS and all version of Linux in the past 10 years (including Android). Users of ClearOS 5.x must upgrade to version 6 or 7 as no fix will be provided for ClearOS 5.x version which are now out of support.

Short response

Update to kernel version 3.10.0-327.36.3.v7 or later.

Long response

Update to kernel version 3.10.0-327.36.3.v7 or later.

Resolution

Currently the patch for this fix has been built and is in the updates-testing repository. To install it run:

yum --enablerepo=clearos-updates-testing update kernel
content/en_us/announcements_cve_cve-2016-5195.txt · Last modified: 2016/10/28 17:20 by dloper

Page Tools