- 检查是否受影响:
wget https://access.redhat.com/sites/default/files/rh-cve-2016-5195_1.sh bash ~/rh-cve-2016-5195_1.sh Your kernel is 2.6.32-358.6.2.el6.x86_64 which IS vulnerable.
- 修改 /etc/yum.conf, 删除掉exclude的kernel部分
#exclude=*.i?86
kernelkernel-xen kernel-debug exclude=*.i?86 kernel-xen kernel-debug - 执行升级
yum update kernel Loaded plugins: fastestmirror Setting up Update Process Loading mirror speeds from cached hostfile * base: mirrors.aliyuncs.com * epel: mirrors.aliyuncs.com * extras: mirrors.aliyuncs.com * updates: mirrors.aliyuncs.com base | 3.7 kB 00:00 epel | 4.3 kB 00:00 extras | 3.4 kB 00:00 updates | 3.4 kB 00:00 Resolving Dependencies --> Running transaction check ---> Package kernel.x86_64 0:2.6.32-642.6.2.el6 will be installed --> Finished Dependency Resolution Dependencies Resolved ============================================================================================================================================================== Package Arch Version Repository Size ============================================================================================================================================================== Installing: kernel x86_64 2.6.32-642.6.2.el6 updates 32 M Transaction Summary ============================================================================================================================================================== Install 1 Package(s) Total download size: 32 M Installed size: 131 M Is this ok [y/N]: y Downloading Packages: kernel-2.6.32-642.6.2.el6.x86_64.rpm | 32 MB 00:31 Running rpm_check_debug Running Transaction Test Transaction Test Succeeded Running Transaction Installing : kernel-2.6.32-642.6.2.el6.x86_64 1/1 Verifying : kernel-2.6.32-642.6.2.el6.x86_64 1/1 Installed: kernel.x86_64 0:2.6.32-642.6.2.el6 Complete!
- 重启服务器
reboot
- 再次执行脚本,确认修复
bash ~/rh-cve-2016-5195_1.sh Your kernel is 2.6.32-642.6.2.el6.x86_64 which is NOT vulnerable.