The officially official Devuan Forum!

You are not logged in.

#1 2017-12-05 11:37:15

ghp
Member
From: Zwevegem, Belgium
Registered: 2017-05-08
Posts: 6

Jessie & Huge Dirty Cow

Is Jessie's kernel vulnerable for Huge Dirty Cow?

It looks as if we're not using Transparent Huge Pages.

# cat /proc/meminfo | grep -i huge

returns nothing.


But, in case I'm mistaken: https://github.com/torvalds/linux/commi … 0b5740b1f0

Kind regards,

Gerard

Offline

#2 2017-12-05 13:17:39

fsmithred
Administrator
Registered: 2016-11-25
Posts: 471

Re: Jessie & Huge Dirty Cow

Offline

#3 2017-12-06 13:43:56

ghp
Member
From: Zwevegem, Belgium
Registered: 2017-05-08
Posts: 6

Re: Jessie & Huge Dirty Cow

No, that was Dirty Cow, and the fix contained a vulnerability in case Transparent Huge Pages were enabled, therefore the "Huge Dirty Cow".

https://security-tracker.debian.org/tra … 7-1000405/

Last edited by ghp (2017-12-06 13:47:37)

Offline

#4 2017-12-06 14:41:28

fsmithred
Administrator
Registered: 2016-11-25
Posts: 471

Re: Jessie & Huge Dirty Cow

Your link shows that so far, it's only fixed in sid. That means it's also fixed in ceres. It's only been about a week, so I guess the fix will be moving down to testing and stable soon. Whenever that happens in debian, it will happen in devuan a minute or two later. I hope they fix it in oldstable, too.

aptitude -t sid search linux-image-4.14
p   linux-image-4.14.0-1-amd64                           - Linux 4.14 for 64-bit PCs


aptitude show linux-image-4.14.0-1-amd64
Package: linux-image-4.14.0-1-amd64      
New: yes
State: not installed
Version: 4.14.2-1


apt-cache policy linux-image-4.14.0-1-amd64
linux-image-4.14.0-1-amd64:
  Installed: (none)
  Candidate: 4.14.2-1
  Version table:
     4.14.2-1 0
        100 http://pkgmaster.devuan.org/merged/ ceres/main amd64 Packages
         10 http://debian.csail.mit.edu/debian/ sid/main amd64 Packages

Offline

Board footer