Linux kernel CVE-2012-0056 vulnerability


You have probably all heard about the recent local privilige escalation in recent Linux kernels by now. If not you can read all about it here.

This only affects our recent Ubuntu 11.10 “Oneiric” VPSs, which by default were installed with a Linux 3.0.4 kernel. The 3.0.4 kernel was also tested to work with some of our older distributions, which were shipped with 2.6.32.x kernel. None of the 2.6.32.x kerenls we use were affected by this vulnerability.

We quickly released a 3.2.1 kernel patched against the vulnerabilty when we heard about the proof of concept mempodipper exploit. After pushing that kernel out though, we found that it was not compatiable with all of our host servers.

We have now released some post 3.0.18 kernels which should be more compaitable across all of our hosts. These kernels are no longer vulnerable to the mempodipper exploit. Any users of Ubuntu 11.10 “Oneiric”, or users of other OSs that updated to a 3.0.4 kernel, are encouraged to upgrade to one of these newer kernels. You can go to your control panel here to upgrade:

https://rimuhosting.com/cp/vps/kernel.jsp

If you have any questions about upgrading your kernel, don’t hesitate to pop in a support ticket or jump in our live chat and ask any questions.