I just learned about the Dirty COW vulnerability today (makes me a little late to the party) and I’m wondering if it’s still an issue in OpenSUSE?
Leap 42.2 uses 4.4.62-18.6 (at least in my case) and that’s not explicitly listed as one of the patched versions.
Thanks!
–Henry Wilson
From Wikipedia ( https://en.wikipedia.org/wiki/Dirty_COW ):
The bug has been lurking in the Linux kernel since version 2.6.22 released in September 2007, and there is information about been actively exploited at least since October 2016.[2]](https://en.wikipedia.org/wiki/Dirty_COW#cite_note-:0-2) The bug has been patched in Linux kernel versions 4.8.3, 4.7.9, 4.4.26 and newer.
And from my 42.2 system:
$ rpm -q kernel-default
kernel-default-4.4.62-18.6.1.x86_64
$ rpm -q --changelog kernel-default
...
* Thu Oct 20 2016 jslaby@suse.cz
- Linux 4.4.26 (bnc#1004418 CVE-2016-5195).
- commit 20a6466
...
And here’s the mentioned (open)SUSE bug report:
https://bugzilla.opensuse.org/show_bug.cgi?id=1004418So this vulnerability was fixed in 42.2 before the actual release… (which included kernel 4.4.27 already)
Ah, Thank you, sir!
FYI
Slidedeck for my presentation to my local Linux User Group last year (and re-presented last month due to interest), covers probably the two most impactful attacks that appeared in 2016. Both will continue to be serious issues for many years to come due to Linux devices that cannot or are not updated and exposed to the Internet.
http://slides.com/tonysu/2016-the-year-of-iot-and-taking-down-the-internet#/
Main topics:
Technical description of Dirty Cow
Also covers Mirai and Bashlight which the Internet really has no defense against (except maybe vigilance)
TSU