Kernel Security Upgrade Required?

GrahamWatts · August 30, 2006, 2:22pm

Hi Joe,

I’ve just had the following in a mail from my hosting company…

it has come to our attention that your server may be susceptable to a linux
kernel vulnerability. This vulberability can lead to a root (administrative)
compromise of the server.

Details of this vulnerability can be found here:

http://www.securityfocus.com/bid/18874/

I’ve tried running ‘yum update kernel’ but there isn’t a new one available. Am I right in thinking that the packages come from your server?

Looking at dmesg I see a kernel version of 2.6.17-1.2142_FC4. Is this affected by the above vulnerability?

Regards

Graham

GrahamWatts · August 30, 2006, 3:10pm

Hmm,

Checking the security bulletein again is seems to be over 6 weeks old. My aplogies if the kernel has allready been updated.

Graham

jpenix · August 30, 2006, 5:40pm

Kernel upgrades still come from Fedora, not Virtualmin, so it’s up to you to keep on top of Fedora security bulletins and ensure your system is updated.

In this particular case, a quick web search seems to indicate that the 2142 release of FC4’s kernel has the fix for this vulnerability so it looks like you’re okay.

GrahamWatts · August 30, 2006, 9:42pm

Hi Joshua,

Thanks for clearing that up for me.

Regards,

Graham