- 检查是否受影响:
wget https://access.redhat.com/sites/default/files/rh-cve-2016-5195_1.sh
bash ~/rh-cve-2016-5195_1.sh
Your kernel is 2.6.32-358.6.2.el6.x86_64 which IS vulnerable.
- 修改 /etc/yum.conf, 删除掉exclude的kernel部分
#exclude=*.i?86 kernel kernel-xen kernel-debug
exclude=*.i?86 kernel-xen kernel-debug
- 执行升级
yum update kernel
Loaded plugins: fastestmirror
Setting up Update Process
Loading mirror speeds from cached hostfile
* base: mirrors.aliyuncs.com
* epel: mirrors.aliyuncs.com
* extras: mirrors.aliyuncs.com
* updates: mirrors.aliyuncs.com
base | 3.7 kB 00:00
epel | 4.3 kB 00:00
extras | 3.4 kB 00:00
updates | 3.4 kB 00:00
Resolving Dependencies
--> Running transaction check
---> Package kernel.x86_64 0:2.6.32-642.6.2.el6 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
==============================================================================================================================================================
Package Arch Version Repository Size
==============================================================================================================================================================
Installing:
kernel x86_64 2.6.32-642.6.2.el6 updates 32 M
Transaction Summary
==============================================================================================================================================================
Install 1 Package(s)
Total download size: 32 M
Installed size: 131 M
Is this ok [y/N]: y
Downloading Packages:
kernel-2.6.32-642.6.2.el6.x86_64.rpm | 32 MB 00:31
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : kernel-2.6.32-642.6.2.el6.x86_64 1/1
Verifying : kernel-2.6.32-642.6.2.el6.x86_64 1/1
Installed:
kernel.x86_64 0:2.6.32-642.6.2.el6
Complete!
- 重启服务器
reboot
- 再次执行脚本,确认修复
bash ~/rh-cve-2016-5195_1.sh
Your kernel is 2.6.32-642.6.2.el6.x86_64 which is NOT vulnerable.