升级阿里云centos kernel修复CVE-2016-5195(Dirty COW)

  1. 检查是否受影响:
    wget https://access.redhat.com/sites/default/files/rh-cve-2016-5195_1.sh
    bash ~/rh-cve-2016-5195_1.sh
    Your kernel is 2.6.32-358.6.2.el6.x86_64 which IS vulnerable.
    
  2. 修改 /etc/yum.conf, 删除掉exclude的kernel部分
    #exclude=*.i?86 kernel kernel-xen kernel-debug
    exclude=*.i?86 kernel-xen kernel-debug
  3. 执行升级
    yum update kernel
    Loaded plugins: fastestmirror
    Setting up Update Process
    Loading mirror speeds from cached hostfile
     * base: mirrors.aliyuncs.com
     * epel: mirrors.aliyuncs.com
     * extras: mirrors.aliyuncs.com
     * updates: mirrors.aliyuncs.com
    base                                                                                                                                   | 3.7 kB     00:00     
    epel                                                                                                                                   | 4.3 kB     00:00     
    extras                                                                                                                                 | 3.4 kB     00:00     
    updates                                                                                                                                | 3.4 kB     00:00     
    Resolving Dependencies
    --> Running transaction check
    ---> Package kernel.x86_64 0:2.6.32-642.6.2.el6 will be installed
    --> Finished Dependency Resolution
    
    Dependencies Resolved
    
    ==============================================================================================================================================================
     Package                           Arch                              Version                                         Repository                          Size
    ==============================================================================================================================================================
    Installing:
     kernel                            x86_64                            2.6.32-642.6.2.el6                              updates                             32 M
    
    Transaction Summary
    ==============================================================================================================================================================
    Install       1 Package(s)
    
    Total download size: 32 M
    Installed size: 131 M
    Is this ok [y/N]: y
    Downloading Packages:
    kernel-2.6.32-642.6.2.el6.x86_64.rpm                                                                                                   |  32 MB     00:31     
    Running rpm_check_debug
    Running Transaction Test
    Transaction Test Succeeded
    Running Transaction
      Installing : kernel-2.6.32-642.6.2.el6.x86_64                                                                                                           1/1 
      Verifying  : kernel-2.6.32-642.6.2.el6.x86_64                                                                                                           1/1 
    
    Installed:
      kernel.x86_64 0:2.6.32-642.6.2.el6                                                                                                                          
    
    Complete!
    
    
  4. 重启服务器
    reboot
  5. 再次执行脚本,确认修复
    bash ~/rh-cve-2016-5195_1.sh
    Your kernel is 2.6.32-642.6.2.el6.x86_64 which is NOT vulnerable.
    

 

留下评论

电子邮件地址不会被公开。 必填项已用*标注