A vulnerability in the Linux kernel has been discovered that possibly affects all kernels since version 3.8.
Regarding the OVH Kernel:
- It wasn't possible to prove that the OVH kernel is either affected or not affected by this issue, as a consequence we recompiled the current production kernel (3.14.32) with the patch fixing this issue.
- The updated kernel images are available here: ftp://ftp.ovh.net/made-in-ovh/bzImage/latest-production/ - Netboot and installation images are updated accordingly.
Regarding distribution kernels:
- Debian: Wheezy (7) and Squeeze (6) are not affected. Jessie (and kernels from the jessie-backports repository) are affected, updates are available.
- Ubuntu: updates are available for the affected versions (14.04 \"Trusty\", 15.04 \"Vivid\", 15.10 \"Wily\")
- CentOS: only CentOS 7 is affected, updated kernels are available.
- ArchLinux: updates to 4.3.3-3 and 4.4-4 are available (https://bugs.archlinux.org/task/47820)
- Fedora: updates are now available as well (2016-01-21)
- OpenSUSE: updates are now available as well (2016-01-21)
- Gentoo: updates are available (sys-kernel/gentoo-sources/gentoo-sources-4.1.15-r1)
- Proxmox VE: vulnerable, no update available as of now