Kernel Security Upgrade Required?

4 posts / 0 new
Last post
#1 Wed, 08/30/2006 - 09:22
GrahamWatts

Kernel Security Upgrade Required?

Hi Joe,

I've just had the following in a mail from my hosting company..

it has come to our attention that your server may be susceptable to a linux kernel vulnerability. This vulberability can lead to a root (administrative) compromise of the server.

Details of this vulnerability can be found here:

http://www.securityfocus.com/bid/18874/

I've tried running 'yum update kernel' but there isn't a new one available. Am I right in thinking that the packages come from your server?

Looking at dmesg I see a kernel version of 2.6.17-1.2142_FC4. Is this affected by the above vulnerability?

Regards

Graham

Wed, 08/30/2006 - 10:10
GrahamWatts

Hmm,

Checking the security bulletein again is seems to be over 6 weeks old. My aplogies if the kernel has allready been updated.

Graham

Wed, 08/30/2006 - 12:40
jpenix

Kernel upgrades still come from Fedora, not Virtualmin, so it's up to you to keep on top of Fedora security bulletins and ensure your system is updated.

In this particular case, a quick web search seems to indicate that the 2142 release of FC4's kernel has the fix for this vulnerability so it looks like you're okay.

Wed, 08/30/2006 - 16:42
GrahamWatts

Hi Joshua,

Thanks for clearing that up for me.

Regards,

Graham

Topic locked