Very serious security problem has been found in the Linux kernel. Local privilege escalation vulnerability has existed since 2012. This bug affects millions of Android or Linux applications to escalate privileges. Any server or desktop (32 or 64 bit) with Linux Kernel version 3.8+ is vulnerable. How do I fix this problem?<\/p>\n
<\/p>\n
As per the original research post:<\/p>\n
CVE-2016-0728 is caused by a reference leak in the keyrings facility. Before we dive into the details, let\u2019s cover some background required to understand the bug. It can successfully escalates privileges from a local user to root.<\/p>\n
A list of affected Linux distros<\/p>\n
Is my Linux distro version affected by CVE-2016-0728? The “Possible use-after-free vulnerability in keyring facility, CVE-2016-0728” are as follows:<\/p>\n
Red Hat Enterprise Linux 7
\nCentOS Linux 7
\nScientific Linux 7
\nDebian Linux stable 8.x (jessie)
\nDebian Linux testing 9.x (stretch)
\nSUSE Linux Enterprise Desktop 12
\nSUSE Linux Enterprise Desktop 12 SP1
\nSUSE Linux Enterprise Server 12
\nSUSE Linux Enterprise Server 12 SP1
\nSUSE Linux Enterprise Workstation Extension 12
\nSUSE Linux Enterprise Workstation Extension 12 SP1
\nUbuntu Linux 14.04 LTS (Trusty Tahr)
\nUbuntu Linux 15.04 (Vivid Vervet)
\nUbuntu Linux 15.10 (Wily Werewolf)
\nOpensuse Linux LEAP and version 13.2<\/p>\n
Type the commands as per your Linux distro. You need to reboot the box. Before you apply patch, note down your current kernel version:<\/p>\n
# uname -a\nLinux test.server.com 3.10.0-123.20.1.el7.x86_64 #1 SMP Thu Jan 29 18:05:33 UTC 2015 x86_64 x86_64 x86_64 GNU\/Linux\n# uname -mrs\nLinux 3.10.0-123.20.1.el7.x86_64 x86_64\n<\/pre>\nOn Debian\/Ubuntu:<\/h3>\n
# apt-get update && apt-get upgrade && apt-get dist-upgrade\n<\/pre>\nAfter update is finished reboot the server.<\/p>\n
On RHEL\/Centos 7:<\/h3>\n