Saturday 22 October 2016

Dirty COW exploit and Automatic Security Updates

The announcement this week of Dirty COW (CVE-2016-5195), a privilege escalation vulnerability in the Linux kernel, reminded me to check my Ubuntu systems to ensure I had Automatic Security Updates activated.

This ancient bug has come to light now because there is code in the wild using the vulnerability, which makes patching the kernel a necessity. Systems that use the Linux OS need patching. This includes Android devices.

My home server and workstation already had Automatic Security Updates activated, but my Kodi Media Center did not.

I first wanted to check if I had been patched:
zgrep -ie "\(CVE-2016-2108\|CVE-2016-2107\)" /usr/share/doc/libssl1.0.0/changelog.Debian.gz

It should respond with:
Debian
* Fix CVE-2016-2107
* Fix CVE-2016-2108

Ubuntu
- debian/patches/CVE-2016-2107.patch: check that there are enough
- CVE-2016-2107
- debian/patches/CVE-2016-2108-1.patch: don't mishandle zero if it is
- debian/patches/CVE-2016-2108-2.patch: fix ASN1_INTEGER handling in
- CVE-2016-2108

If your Android device prompts you for a System Update, don't ignore it; run it.

Automatic Security Updates
To check whether your Debian / Ubuntu system has Automatic Security Updates installed, you can run it manually with verbose output:
sudo apt-get update
sudo unattended-upgrades -v

If this gives an error, it is not installed, so execute:
sudo dpkg-reconfigure --priority=low unattended-upgrades

Once installed, check the configuration file:
cat /etc/apt/apt.conf.d/20auto-upgrades

This should result in:
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";

If not, edit the file and set APT::Periodic::Unattended-Upgrade to "1".
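
The configuration check in the steps above can be scripted. The following is an added example, not part of the original post: a shell function (the name check_auto_upgrades and the sample files are assumptions made for illustration) that reads a file in the 20auto-upgrades format and reports whether both settings are enabled, treating a commented-out line or a value of "0" as disabled.

```shell
#!/bin/sh
# Added example: audit an apt periodic config file for the two settings above.
# Returns 0 if both keys are enabled, 1 if either is unset or "0",
# 2 if the file cannot be read.
check_auto_upgrades() {
    conf=$1
    if [ ! -r "$conf" ]; then
        echo "MISSING $conf (is unattended-upgrades configured?)"
        return 2
    fi
    rc=0
    for key in Update-Package-Lists Unattended-Upgrade; do
        # Keep the last uncommented assignment; lines starting with // or #
        # do not match because the pattern is anchored on the option name.
        val=$(sed -n "s|^[[:space:]]*APT::Periodic::$key[[:space:]]*\"\([^\"]*\)\"[[:space:]]*;.*|\1|p" "$conf" | tail -n 1)
        case $val in
            ''|0) echo "DISABLED APT::Periodic::$key (value: ${val:-unset})"; rc=1 ;;
            *)    echo "ENABLED APT::Periodic::$key (value: $val)" ;;
        esac
    done
    return "$rc"
}

# Constructed sample files (not taken from a real system).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/good" <<'EOF'
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
EOF
cat > "$demo_dir/bad" <<'EOF'
APT::Periodic::Update-Package-Lists "1";
// APT::Periodic::Unattended-Upgrade "1";
APT::Periodic::Unattended-Upgrade "0";
EOF

check_auto_upgrades "$demo_dir/good"
check_auto_upgrades "$demo_dir/bad" || echo "-> automatic upgrades are off in 'bad'"
```

On a real system, call it as check_auto_upgrades /etc/apt/apt.conf.d/20auto-upgrades. Other files in /etc/apt/apt.conf.d can set the same options, so apt-config dump | grep APT::Periodic shows the values apt actually uses.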

References:
https://dirtycow.ninja/
https://help.ubuntu.com/community/AutomaticSecurityUpdates
