Users of these kernel branches are urged to update

Oct 22, 2016 23:00 GMT

We reported the other day that an ancient bug, which had existed in the Linux kernel since 2005, was patched in several recent updates, namely Linux kernel 4.8.3, Linux kernel 4.7.9, and Linux kernel 4.4.26 LTS.

One day later, the maintainers of other supported Linux kernel branches patched the bug, which is dubbed by researchers "Dirty COW" and documented as CVE-2016-5195. As such, today we'd like to inform those running GNU/Linux distributions powered by kernels from the Linux 3.16, 3.12, 3.10, and 3.2 series that new updates are available for their systems.

The "Dirty COW" vulnerability, which is tagged in the appended shortlogs of the new kernel versions mentioned above as "mm: remove gup_flags FOLL_WRITE games from __get_user_pages()", was patched by Linus Torvalds himself. The security flaw could have allowed local users to write to any file they can read. In other words, a local attacker could have gained administrative privileges on the affected system.

Users are urged to update their system immediately

All these kernel branches are long-term supported (LTS), so it's imperative that you update your Linux-based systems to either Linux kernel 3.16.38 LTS, Linux kernel 3.12.66 LTS, Linux kernel 3.10.104 LTS, or Linux kernel 3.2.83 LTS as soon as the new versions arrive in the stable software repositories of your favorite GNU/Linux operating system.

On the other hand, we urge OS vendors to download the sources of Linux kernels 3.16.38 LTS, 3.12.66 LTS, 3.10.104 LTS, as well as 3.2.83 LTS right now from the kernel.org website, compile and tweak the new kernel versions for their supported hardware architectures, and push them to the stable channels as soon as possible for users to update.
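As an added example (not part of the original article or of the kernel project), the shell functions below compare a kernel release string with the fixed version this article names for each branch. The function names and the result words `fixed`, `older` and `unknown` are this example's own. Distribution kernels often backport fixes without changing the upstream version number, so `older` means "check the vendor's advisory", not proof of exposure.

```shell
#!/bin/sh
# Added example: check a kernel release against the CVE-2016-5195 fix
# versions listed in this article. Names here are hypothetical helpers.

# Print the first fixed release of a stable branch (values from the article).
fixed_for_branch() {
    case "$1" in
        4.8)  echo 4.8.3 ;;
        4.7)  echo 4.7.9 ;;
        4.4)  echo 4.4.26 ;;
        3.16) echo 3.16.38 ;;
        3.12) echo 3.12.66 ;;
        3.10) echo 3.10.104 ;;
        3.2)  echo 3.2.83 ;;
        *)    return 1 ;;   # branch not covered by the article
    esac
}

# check_release RELEASE -> prints "fixed", "older" or "unknown".
check_release() {
    # Keep the leading numeric part: "3.16.36-1+deb8u2" -> "3.16.36".
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^\([0-9][0-9]*\.[0-9][0-9]*\(\.[0-9][0-9]*\)\{0,1\}\).*/\1/p')
    [ -n "$ver" ] || { echo unknown; return; }

    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    case "$rest" in
        *.*) patch=${rest#*.} ;;
        *)   patch=0 ;;      # "3.2" alone is treated as 3.2.0
    esac

    fixed=$(fixed_for_branch "$major.$minor") || { echo unknown; return; }

    # Same branch, so only the last component needs comparing.
    if [ "$patch" -ge "${fixed##*.}" ]; then echo fixed; else echo older; fi
}

# Report on the running kernel.
echo "$(uname -r): $(check_release "$(uname -r)")"
```
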