OVHcloud Bare Metal Cloud Status

Current status
Legend
  • Operational
  • Degraded performance
  • Partial Outage
  • Major Outage
  • Under maintenance
new #9 kernel images (CVE-2016-5195)
Scheduled Maintenance Report for Bare Metal Cloud
Completed
A vulnerability in the Linux kernel has been discovered that affects all Linux kernels.

While we are in the course of preparing a new OVH kernel based on the long-term 4.4 series, we cannot update our public default kernels to 4.4 just yet because of several issues, mostly due to hardware compatibility, that need to be resolved.

We have for now instead decided to recompile the currently used 3.14.32 kernel (that already includes patches for prior vulnerabilities) with a backported fix to this issue.

This patched kernel is available on our ftp server: ftp://ftp.ovh.net/made-in-ovh/bzImage/latest-production/
It has also been rolled out on our reinstallation system for dedicated servers (if no other kernel is chosen during reinstallation launch) as well as on our netboot services.

We strongly encourage all users on 3.14.32 kernels to update their system. If uncertain on which patchlevel you are, please refer to the output of \"uname -a\" - the fixed kernels have recompilation number 9 and todays date, for example:
# uname -a
Linux yourserver.ovh.net 3.14.32-xxxx-grs-ipv6-64 #9 SMP Thu Oct 20 14:53:52 CEST 2016 x86_64 GNU/Linux


For users of our \"test\" kernels, updated kernels of version 4.4.26 are provided as well: ftp://ftp.ovh.net/made-in-ovh/bzImage/latest-test/.

We'd like to thank grsecurity.net for providing us with the backported fix for 3.14.

Update(s):

Date: 2016-10-20 13:56:48 UTC
For more information about CVE-2016-5195, please refer to:
https://bugzilla.redhat.com/show_bug.cgi?id=1384344
https://access.redhat.com/security/vulnerabilities/2706661
http://dirtycow.ninja/
Posted Oct 20, 2016 - 13:54 UTC