URGENT -Dirty COW exploit - 64 bit antiX-16 users

Forum rules
Post Reply
Message
Author
User avatar
anticapitalista
Developer
Posts: 4165
Joined: Sat Jul 15, 2006 10:40 am

URGENT -Dirty COW exploit - 64 bit antiX-16 users

#1 Post by anticapitalista »

It was brought to my attention by antiX user Rademes that the Dirty COW vulnerability was still present on 64 bit antiX-16 (not 64 bit antiX-16.1 nor 32 bit antiX-16)) after a dist-upgrade.

For some reason the correct linux-image deb was updated, but does not auto-upgrade even though the headers do.

All 64bit antiX-16 users (full, base and core) should do the following.

apt-get update
apt-get dist-upgrade
apt-get install --reinstall linux-headers-4.4.10-antix.1-amd64-smp linux-image-4.4.10-antix.1-amd64-smp
anticapitalista
Reg. linux user #395339.

Philosophers have interpreted the world in many ways; the point is to change it.

antiX with runit - lean and mean.
https://antixlinux.com
Top
User avatar
jdmeaux1952
Posts: 77
Joined: Wed Jan 08, 2014 11:55 pm

Re: URGENT -Dirty COW exploit - 64 bit antiX-16 users

#2 Post by jdmeaux1952 »

Thanks for the security update, anti.
MSI S6000 i5-460M 4Gb mem
I am not CrAzY. And I have a paper from the doctors to prove it!
LRU# 563815
Phear the Penguin
Top
User avatar
Eadwine Rose
Administrator
Posts: 11954
Joined: Wed Jul 12, 2006 2:10 am

Re: URGENT -Dirty COW exploit - 64 bit antiX-16 users

#3 Post by Eadwine Rose »

I just did a simulation command of this.. I don't see it replacing anything, just adding? Am I missing something?

Code: Select all

root@eadwine-mx16:/home/eadwine# apt-get -s install --reinstall linux-headers-4.4.10-antix.1-amd64-smp linux-image-4.4.10-antix.1-amd64-smp
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Suggested packages:
  linux-firmware-image-4.4.10-antix.1-amd64-smp
The following NEW packages will be installed:
  linux-headers-4.4.10-antix.1-amd64-smp linux-image-4.4.10-antix.1-amd64-smp
0 upgraded, 2 newly installed, 0 to remove and 1 not upgraded.
Inst linux-headers-4.4.10-antix.1-amd64-smp (4.4.10-antix.1-amd64-smp-2 antiX repository:3.1/jessie [amd64])
Inst linux-image-4.4.10-antix.1-amd64-smp (4.4.10-antix.1-amd64-smp-2 antiX repository:3.1/jessie [amd64])
Conf linux-headers-4.4.10-antix.1-amd64-smp (4.4.10-antix.1-amd64-smp-2 antiX repository:3.1/jessie [amd64])
Conf linux-image-4.4.10-antix.1-amd64-smp (4.4.10-antix.1-amd64-smp-2 antiX repository:3.1/jessie [amd64])
The 1 not upgraded is apt-notifier which we sort of pinned a while ago.
MX-23.2_x64 July 31 2023 * 6.1.0-20-amd64 ext4 Xfce 4.18.1 * 8core AMD Ryzen 7 2700
Asus TUF B450-Plus Gaming UEFI * Asus GTX 1050 Ti Nvidia 525.147.05 * 2x16Gb DDR4 2666 Kingston HyperX Predator
Samsung 860EVO * Samsung S24D330 & P2250 * HP Envy 5030
Top
User avatar
anticapitalista
Developer
Posts: 4165
Joined: Sat Jul 15, 2006 10:40 am

Re: URGENT -Dirty COW exploit - 64 bit antiX-16 users

#4 Post by anticapitalista »

The following NEW packages will be installed:
linux-headers-4.4.10-antix.1-amd64-smp linux-image-4.4.10-antix.1-amd64-smp

will replace the older, unsafe kernel with the safe, new one.
anticapitalista
Reg. linux user #395339.

Philosophers have interpreted the world in many ways; the point is to change it.

antiX with runit - lean and mean.
https://antixlinux.com
Top
User avatar
Eadwine Rose
Administrator
Posts: 11954
Joined: Wed Jul 12, 2006 2:10 am

Re: URGENT -Dirty COW exploit - 64 bit antiX-16 users

#5 Post by Eadwine Rose »

Ah ok.. so that boots automagically then. Going to give this a whirl :)


And back after a reboot. This is what it did:

Code: Select all

eadwine@eadwine-mx16:~
$ su
Password: 
root@eadwine-mx16:/home/eadwine# apt-get update
Ign http://nl.mxrepo.com jessie InRelease
Hit http://ftp.nl.debian.org jessie-updates InRelease                                              
Ign http://nl.mxrepo.com mx15 InRelease                                                            
Ign http://nl.mxrepo.com mx16 InRelease                                                            
Ign http://ftp.nl.debian.org jessie InRelease                                                      
Ign http://dl.google.com stable InRelease                                                          
Hit http://nl.mxrepo.com jessie Release.gpg                                                        
Hit http://ftp.nl.debian.org jessie Release.gpg                                                    
Hit http://nl.mxrepo.com mx15 Release.gpg                                                          
Hit http://dl.google.com stable Release.gpg                                                        
Hit http://nl.mxrepo.com mx16 Release.gpg                                                          
Hit http://ftp.nl.debian.org jessie Release                                                        
Hit http://nl.mxrepo.com jessie Release                                                            
Hit http://nl.mxrepo.com mx15 Release                                                              
Hit http://nl.mxrepo.com mx16 Release                                                              
Hit http://dl.google.com stable Release                                                            
Get:1 http://ftp.nl.debian.org jessie-updates/main amd64 Packages/DiffIndex [6,916 B]              
Hit http://ftp.nl.debian.org jessie-updates/contrib amd64 Packages                                 
Get:2 http://ftp.nl.debian.org jessie-updates/non-free amd64 Packages/DiffIndex [736 B]            
Hit http://repository.spotify.com stable InRelease                                                 
Get:3 http://ftp.nl.debian.org jessie-updates/main i386 Packages/DiffIndex [6,916 B]               
Hit http://ftp.nl.debian.org jessie-updates/contrib i386 Packages                                  
Hit http://nl.mxrepo.com jessie/main amd64 Packages                                                
Get:4 http://ftp.nl.debian.org jessie-updates/non-free i386 Packages/DiffIndex [736 B]             
Hit http://ftp.nl.debian.org jessie-updates/contrib Translation-en                                 
Hit http://nl.mxrepo.com jessie/main i386 Packages                                                 
Get:5 http://ftp.nl.debian.org jessie-updates/main Translation-en/DiffIndex [2,704 B]              
Get:6 http://ftp.nl.debian.org jessie-updates/non-free Translation-en/DiffIndex [736 B]            
Hit http://ftp.nl.debian.org jessie/main amd64 Packages                                            
Hit http://ftp.nl.debian.org jessie/contrib amd64 Packages                                         
Hit http://ftp.nl.debian.org jessie/non-free amd64 Packages                                        
Hit http://nl.mxrepo.com mx15/main amd64 Packages                                                  
Hit http://security.debian.org jessie/updates InRelease                                            
Hit http://ftp.nl.debian.org jessie/main i386 Packages                                             
Hit http://nl.mxrepo.com mx15/non-free amd64 Packages                                              
Hit http://nl.mxrepo.com mx15/main i386 Packages                                      
Hit http://ftp.nl.debian.org jessie/contrib i386 Packages                                          
Hit http://nl.mxrepo.com mx15/non-free i386 Packages                                               
Hit http://ftp.nl.debian.org jessie/non-free i386 Packages                                         
Hit http://ftp.nl.debian.org jessie/contrib Translation-en                                         
Hit http://dl.google.com stable/main amd64 Packages                                                
Hit http://ftp.nl.debian.org jessie/main Translation-en                                            
Hit http://ftp.nl.debian.org jessie/non-free Translation-en                                        
Hit http://nl.mxrepo.com mx16/non-free amd64 Packages                                              
Hit http://security.debian.org jessie/updates/main amd64 Packages                                  
Hit http://nl.mxrepo.com mx16/main amd64 Packages                                                  
Hit http://nl.mxrepo.com mx16/non-free i386 Packages                                               
Hit http://nl.mxrepo.com mx16/main i386 Packages                                                   
Hit http://security.debian.org jessie/updates/contrib amd64 Packages                               
Hit http://security.debian.org jessie/updates/non-free amd64 Packages                              
Hit http://repository.spotify.com stable/non-free amd64 Packages                                   
Hit http://security.debian.org jessie/updates/main i386 Packages                                   
Hit http://security.debian.org jessie/updates/contrib i386 Packages                                
Ign http://nl.mxrepo.com jessie/main Translation-en_US                                             
Ign http://nl.mxrepo.com jessie/main Translation-en                                                
Hit http://security.debian.org jessie/updates/non-free i386 Packages                               
Hit http://security.debian.org jessie/updates/contrib Translation-en                               
Hit http://security.debian.org jessie/updates/main Translation-en                                  
Hit http://security.debian.org jessie/updates/non-free Translation-en                              
Hit http://repository.spotify.com stable/non-free i386 Packages                                    
Ign http://dl.google.com stable/main Translation-en_US                                             
Hit http://download.virtualbox.org jessie InRelease                                      
Ign http://dl.google.com stable/main Translation-en                                                
Hit http://download.virtualbox.org jessie/contrib amd64 Packages                         
Ign http://nl.mxrepo.com mx15/main Translation-en_US               
Ign http://repository.spotify.com stable/non-free Translation-en_US
Ign http://repository.spotify.com stable/non-free Translation-en   
Ign http://nl.mxrepo.com mx15/main Translation-en                  
Ign http://nl.mxrepo.com mx15/non-free Translation-en_US           
Ign http://nl.mxrepo.com mx15/non-free Translation-en
Ign http://nl.mxrepo.com mx16/main Translation-en_US
Ign http://nl.mxrepo.com mx16/main Translation-en
Ign http://nl.mxrepo.com mx16/non-free Translation-en_US
Ign http://nl.mxrepo.com mx16/non-free Translation-en
Ign https://mega.nz ./ InRelease             
Get:7 https://mega.nz ./ Release.gpg [481 B] 
Hit http://download.virtualbox.org jessie/contrib i386 Packages               
Get:8 https://mega.nz ./ Release [973 B]     
Get:9 https://mega.nz ./ Packages [2,273 B]                               
Ign http://download.virtualbox.org jessie/contrib Translation-en_US            
Ign http://download.virtualbox.org jessie/contrib Translation-en
Ign https://mega.nz ./ Translation-en_US
Ign https://mega.nz ./ Translation-en
Fetched 22.5 kB in 2s (9,202 B/s)
Reading package lists... Done
root@eadwine-mx16:/home/eadwine# apt-get dist-upgrade
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Calculating upgrade... Done
The following packages have been kept back:
  apt-notifier
0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.
root@eadwine-mx16:/home/eadwine# apt-get install --reinstall linux-headers-4.4.10-antix.1-amd64-smp linux-image-4.4.10-antix.1-amd64-smp
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Suggested packages:
  linux-firmware-image-4.4.10-antix.1-amd64-smp
The following NEW packages will be installed:
  linux-headers-4.4.10-antix.1-amd64-smp linux-image-4.4.10-antix.1-amd64-smp
0 upgraded, 2 newly installed, 0 to remove and 1 not upgraded.
Need to get 43.5 MB of archives.
After this operation, 223 MB of additional disk space will be used.
Get:1 http://nl.mxrepo.com/antix/jessie/ jessie/main linux-headers-4.4.10-antix.1-amd64-smp amd64 4.4.10-antix.1-amd64-smp-2 [7,233 kB]
Get:2 http://nl.mxrepo.com/antix/jessie/ jessie/main linux-image-4.4.10-antix.1-amd64-smp amd64 4.4.10-antix.1-amd64-smp-2 [36.3 MB]
Fetched 43.5 MB in 14s (2,958 kB/s)                                                                
Selecting previously unselected package linux-headers-4.4.10-antix.1-amd64-smp.
(Reading database ... 209160 files and directories currently installed.)
Preparing to unpack .../linux-headers-4.4.10-antix.1-amd64-smp_4.4.10-antix.1-amd64-smp-2_amd64.deb ...
Unpacking linux-headers-4.4.10-antix.1-amd64-smp (4.4.10-antix.1-amd64-smp-2) ...
Selecting previously unselected package linux-image-4.4.10-antix.1-amd64-smp.
Preparing to unpack .../linux-image-4.4.10-antix.1-amd64-smp_4.4.10-antix.1-amd64-smp-2_amd64.deb ...
Unpacking linux-image-4.4.10-antix.1-amd64-smp (4.4.10-antix.1-amd64-smp-2) ...
Setting up linux-headers-4.4.10-antix.1-amd64-smp (4.4.10-antix.1-amd64-smp-2) ...
Setting up linux-image-4.4.10-antix.1-amd64-smp (4.4.10-antix.1-amd64-smp-2) ...
: Unable to find an initial ram disk that I know how to handle.
Will not try to make an initrd.
update-initramfs: Generating /boot/initrd.img-4.4.10-antix.1-amd64-smp
Generating grub configuration file ...
Found background: /usr/local/share/backgrounds/MX16/grub/maine-sunrise-grub.png
Found background image: /usr/local/share/backgrounds/MX16/grub/maine-sunrise-grub.png
Found linux image: /boot/vmlinuz-4.7.0-0.bpo.1-amd64
Found initrd image: /boot/initrd.img-4.7.0-0.bpo.1-amd64
Found linux image: /boot/vmlinuz-4.4.10-antix.1-amd64-smp
Found initrd image: /boot/initrd.img-4.4.10-antix.1-amd64-smp
Found memtest86+ image: /boot/memtest86+.bin
  No volume groups found
Found Windows 7 (loader) on /dev/sdb1
done
root@eadwine-mx16:/home/eadwine#
MX-23.2_x64 July 31 2023 * 6.1.0-20-amd64 ext4 Xfce 4.18.1 * 8core AMD Ryzen 7 2700
Asus TUF B450-Plus Gaming UEFI * Asus GTX 1050 Ti Nvidia 525.147.05 * 2x16Gb DDR4 2666 Kingston HyperX Predator
Samsung 860EVO * Samsung S24D330 & P2250 * HP Envy 5030
Top
User avatar
anticapitalista
Developer
Posts: 4165
Joined: Sat Jul 15, 2006 10:40 am

Re: URGENT -Dirty COW exploit - 64 bit antiX-16 users

#6 Post by anticapitalista »

Seems ok - didn't know you were using the antiX kernel on MX. Hope it works out ok for you.
anticapitalista
Reg. linux user #395339.

Philosophers have interpreted the world in many ways; the point is to change it.

antiX with runit - lean and mean.
https://antixlinux.com
Top
User avatar
Eadwine Rose
Administrator
Posts: 11954
Joined: Wed Jul 12, 2006 2:10 am

Re: URGENT -Dirty COW exploit - 64 bit antiX-16 users

#7 Post by Eadwine Rose »

I never installed anything weird (kernels fall under weird for me), this is a default install with no weirdness adjustments.
MX-23.2_x64 July 31 2023 * 6.1.0-20-amd64 ext4 Xfce 4.18.1 * 8core AMD Ryzen 7 2700
Asus TUF B450-Plus Gaming UEFI * Asus GTX 1050 Ti Nvidia 525.147.05 * 2x16Gb DDR4 2666 Kingston HyperX Predator
Samsung 860EVO * Samsung S24D330 & P2250 * HP Envy 5030
Top
User avatar
v3g4n
Posts: 654
Joined: Sat Jan 16, 2016 8:20 pm

Re: URGENT -Dirty COW exploit - 64 bit antiX-16 users

#8 Post by v3g4n »

Looks like along with the 4.7 kernel that comes with MX 16 you are also the proud new owner of 4.4.10 from antiX. ;)
Top
User avatar
Eadwine Rose
Administrator
Posts: 11954
Joined: Wed Jul 12, 2006 2:10 am

Re: URGENT -Dirty COW exploit - 64 bit antiX-16 users

#9 Post by Eadwine Rose »

I have NO idea how to find out what is running or how this all works :laugh:

Did find this command:

$ uname -a
Linux eadwine-mx16 4.7.0-0.bpo.1-amd64 #1 SMP MX 4.7.8-1mx16+3 (2017-02-23) x86_64 GNU/Linux


There is one thing I DO know: my system works ;)
MX-23.2_x64 July 31 2023 * 6.1.0-20-amd64 ext4 Xfce 4.18.1 * 8core AMD Ryzen 7 2700
Asus TUF B450-Plus Gaming UEFI * Asus GTX 1050 Ti Nvidia 525.147.05 * 2x16Gb DDR4 2666 Kingston HyperX Predator
Samsung 860EVO * Samsung S24D330 & P2250 * HP Envy 5030
Top
Post Reply

Return to “antiX”