Users are urged to update their systems immediately

Dec 8, 2016 23:59 GMT  ·  By

Just the other day we reported on the general availability of a kernel update for the shared hosting-oriented CloudLinux OS 7 operating system, and today a new patch is available for those running KernelCare.

If you're not familiar with KernelCare, it's a commercial kernel live patching technology developed and provided by CloudLinux to its CloudLinux OS users. We've discussed CloudLinux's KernelCare in a previous report if you're curious to test drive it.

However, today we'd like to inform those of you using CloudLinux 7 that a patch is now available for you if you're using KernelCare, and it looks like it addresses the recently discovered race condition in Linux kernel's af_packet implementation. The security flaw, however, does not affect CloudLinux 5 and 6.

"The patch for fixing the CVE-2016-8655 issue in CloudLinux OS 7 is now available using KernelCare. We are working on releasing CloudLinux 7 kernel that fixes the issue soon. CloudLinux OS 5 & 6 are NOT affected," explained Igor Seletskiy, CEO at CloudLinux.

Fixed CloudLinux OS 7 kernel is coming soon

CVE-2016-8655 is the latest kernel vulnerability everyone is talking about lately, and it appears to allow an unprivileged local attacker to crash the vulnerable system by causing a denial of service or running programs with administrative privileges (as root).

The issue was recently patched by Canonical in all supported Ubuntu Linux operating systems, and it might be fixed in other actively developed GNU/Linux distributions, so make sure that you update the kernel packages as soon as possible.

The CloudLinux team promises to release a fixed kernel version for CloudLinux 7 users in the coming days. Stay tuned for more updates on the latest CloudLinux 7 kernel releases right here on this space, and remember, always keep your OS up to date.