You are not logged in.
- Topics: Active | Unanswered
Pages: 1
#1 2017-12-05 11:37:15
- ghp
- Member
- From: Zwevegem, Belgium
- Registered: 2017-05-08
- Posts: 22
Jessie & Huge Dirty Cow
Is Jessie's kernel vulnerable for Huge Dirty Cow?
It looks as if we're not using Transparent Huge Pages.
# cat /proc/meminfo | grep -i huge
returns nothing.
But, in case I'm mistaken: https://github.com/torvalds/linux/commi … 0b5740b1f0
Kind regards,
Gerard
Linux Registered User #94362
Offline
#2 2017-12-05 13:17:39
- fsmithred
- Administrator
- Registered: 2016-11-25
- Posts: 2,486
Re: Jessie & Huge Dirty Cow
Wasn't that fixed a year ago?
https://security-tracker.debian.org/tra … -2016-5195
Offline
#3 2017-12-06 13:43:56
- ghp
- Member
- From: Zwevegem, Belgium
- Registered: 2017-05-08
- Posts: 22
Re: Jessie & Huge Dirty Cow
No, that was Dirty Cow, and the fix contained a vulnerability in case Transparent Huge Pages were enabled, therefore the "Huge Dirty Cow".
https://security-tracker.debian.org/tra … 7-1000405/
Last edited by ghp (2017-12-06 13:47:37)
Linux Registered User #94362
Offline
#4 2017-12-06 14:41:28
- fsmithred
- Administrator
- Registered: 2016-11-25
- Posts: 2,486
Re: Jessie & Huge Dirty Cow
Your link shows that so far, it's only fixed in sid. That means it's also fixed in ceres. It's only been about a week, so I guess the fix will be moving down to testing and stable soon. Whenever that happens in debian, it will happen in devuan a minute or two later. I hope they fix it in oldstable, too.
aptitude -t sid search linux-image-4.14
p linux-image-4.14.0-1-amd64 - Linux 4.14 for 64-bit PCs
aptitude show linux-image-4.14.0-1-amd64
Package: linux-image-4.14.0-1-amd64
New: yes
State: not installed
Version: 4.14.2-1
apt-cache policy linux-image-4.14.0-1-amd64
linux-image-4.14.0-1-amd64:
Installed: (none)
Candidate: 4.14.2-1
Version table:
4.14.2-1 0
100 http://pkgmaster.devuan.org/merged/ ceres/main amd64 Packages
10 http://debian.csail.mit.edu/debian/ sid/main amd64 PackagesOffline
Pages: 1
