Welcome!
Important information
-- Spectre and Meltdown vulnerabilities
-- Change in MX sources

News
-- MX Linux on social media: here
-- Mepis support still here

Current releases
-- MX-17.1 Final release info here
-- antiX-17 release info here

New users
-- Please read this first, and don't forget to add system and hardware information to posts!
-- Here are the Forum Rules

Most serious” Linux privilege-escalation bug ever is under active exploit

Locked
Message
Author
User avatar
richb
Administrator
Posts: 17098
Joined: Wed Jul 12, 2006 2:17 pm

Most serious” Linux privilege-escalation bug ever is under active exploit

#1 Post by richb » Sat Oct 22, 2016 1:06 pm

All Linux kernels for several years have a vulnerability that can be exploited to escalate privileges and allow a hacker to gain access to the root system. the default kernel for Kernel for MX-14 will need to be replaced with 3.16 wheezy-backports kernel (3.16.36-1+deb8u2~bpo70+1) and headers packages. You are strongly urged to install this patched kernel.

The MX-15 kernels, both 32 and 64, bit have been patched to correct this vulnerability. The patched kernels will show as an upgrade in apt-notifier for MX-15. You are strongly urged to accept this upgrade.

Liquorix kernels:

All vulnerable 3.x & 4.x linux-liquorix kernels have been removed from the MX-14 & MX-15 repositories.
The 4.7 & 4.8 linux-liquorix kernels in the MX-15 repository have been patched.

This is a video explaining the situation.

Dirty Cow, CVE-2016-5195, and MX-15. (Don't worry, new kernels are already up).
Forum Rules
Guide - How to Ask for Help

Rich
SSD Production: MX 17.1
AMD A8 7600 FM2+ CPU R7 Graphics, 16 GIG Mem. Three Samsung EVO SSD's 250 GB, 350 GB HD

User avatar
Eadwine Rose
Forum Veteran
Forum Veteran
Posts: 6054
Joined: Wed Jul 12, 2006 2:10 am

Re: Most serious” Linux privilege-escalation bug ever is under active exploit

#2 Post by Eadwine Rose » Sat Oct 22, 2016 2:19 pm

Will these show as upgrades in syna...

never mind:

Code: Select all

linux-compiler-gcc-4.9-x86 (version 4.2.6-3~bpo8+2) will be upgraded to version 4.2.6-3~bpo8+3
linux-headers-4.2.0-0.bpo.1-amd64 (version 4.2.6-3~bpo8+2) will be upgraded to version 4.2.6-3~bpo8+3
linux-headers-4.2.0-0.bpo.1-common (version 4.2.6-3~bpo8+2) will be upgraded to version 4.2.6-3~bpo8+3
linux-image-4.2.0-0.bpo.1-amd64 (version 4.2.6-3~bpo8+2) will be upgraded to version 4.2.6-3~bpo8+3
linux-libc-dev (version 3.16.36-1+deb8u2) will be upgraded to version 4.2.6-3~bpo8+3
mx-packageinstaller-pkglist (version 16.8mx15) will be upgraded to version 16.10mx16
Is this the one you are talking about Rich?
MX-17.1_x64 Horizon 14-3-2018 * 4.15.0-1-amd64 ext4 Xfce 4.12.3 * AMD Asus M4A785TD-V EVO AM3 * ASUS GF GT640-1GD5-L NVIDIA 384.130 * AMD Proc. Athl II X4 635, sAM3 * HDA ATI SB VT1708S An * 2x4Gb DDR3 1600 Kingst * 22" Samsung SyncM P2250 * HP F2280

User avatar
richb
Administrator
Posts: 17098
Joined: Wed Jul 12, 2006 2:17 pm

Re: Most serious” Linux privilege-escalation bug ever is under active exploit

#3 Post by richb » Sat Oct 22, 2016 3:41 pm

yes
Forum Rules
Guide - How to Ask for Help

Rich
SSD Production: MX 17.1
AMD A8 7600 FM2+ CPU R7 Graphics, 16 GIG Mem. Three Samsung EVO SSD's 250 GB, 350 GB HD

User avatar
Eadwine Rose
Forum Veteran
Forum Veteran
Posts: 6054
Joined: Wed Jul 12, 2006 2:10 am

Re: Most serious” Linux privilege-escalation bug ever is under active exploit

#4 Post by Eadwine Rose » Sat Oct 22, 2016 4:00 pm

Upgraded, rebooted, all is still well in my world :) thanks!
MX-17.1_x64 Horizon 14-3-2018 * 4.15.0-1-amd64 ext4 Xfce 4.12.3 * AMD Asus M4A785TD-V EVO AM3 * ASUS GF GT640-1GD5-L NVIDIA 384.130 * AMD Proc. Athl II X4 635, sAM3 * HDA ATI SB VT1708S An * 2x4Gb DDR3 1600 Kingst * 22" Samsung SyncM P2250 * HP F2280

Locked

Return to “General”