This website is deprecated, and remains online only for historic access to old issues and docs for historic versions of Virtualmin. It has been unmaintained for several years, and should not be relied on for up-to-date information. Please visit www.virtualmin.com instead.

Kernel Security Upgrade Required?

4 posts / 0 new

Topic locked

Last post

#1 Wed, 08/30/2006 - 09:22

GrahamWatts

Kernel Security Upgrade Required?

Hi Joe,

I've just had the following in a mail from my hosting company..

it has come to our attention that your server may be susceptable to a linux kernel vulnerability. This vulberability can lead to a root (administrative) compromise of the server.

Details of this vulnerability can be found here:

http://www.securityfocus.com/bid/18874/

I've tried running 'yum update kernel' but there isn't a new one available. Am I right in thinking that the packages come from your server?

Looking at dmesg I see a kernel version of 2.6.17-1.2142_FC4. Is this affected by the above vulnerability?

Regards

Graham

#2 Wed, 08/30/2006 - 10:10

GrahamWatts

Hmm,

Checking the security bulletein again is seems to be over 6 weeks old. My aplogies if the kernel has allready been updated.

Graham

#3 Wed, 08/30/2006 - 12:40

jpenix

Kernel upgrades still come from Fedora, not Virtualmin, so it's up to you to keep on top of Fedora security bulletins and ensure your system is updated.

In this particular case, a quick web search seems to indicate that the 2142 release of FC4's kernel has the fix for this vulnerability so it looks like you're okay.

#4 Wed, 08/30/2006 - 16:42

GrahamWatts

Hi Joshua,

Thanks for clearing that up for me.

Regards,

Graham

Topic locked