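Affected versions:
Ubuntu 16.04, 4.14 - 4.4 series kernels
Alibaba Cloud solution:
1. Mitigation (stop-gap):
Users are advised, after assessing the risk, to mitigate the impact of the vulnerability by changing a kernel parameter.
Run the command:
# echo 1 > /proc/sys/kernel/unprivileged_bpf_disabled
After applying the mitigation, go on to apply the complete fix as your own workload allows.
2. Complete fix:
- Add the xenial-proposed source as follows:
  In a classic network environment:
  # echo "deb http://mirrors.aliyuncs.com/ubuntu/ xenial-proposed main restricted universe multiverse" >> /etc/apt/sources.list
  In a VPC network environment:
  # echo "deb http://mirrors.cloud.aliyuncs.com/ubuntu/ xenial-proposed main restricted universe multiverse" >> /etc/apt/sources.list
- Run the command:
  # apt update && apt install linux-image-generic
- Reboot the machine:
  # reboot
- Verify: check whether the kernel is installed using # uname -a; if the kernel version is 4.4.0-117, the fix succeeded.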
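The two checks above (the unprivileged_bpf_disabled flag and the 4.4.0-117 kernel) can be combined into one status report; this is an added example, not part of the original advisory. The function names are hypothetical, and treating any 4.4.0-N-generic build with N >= 117 as fixed is an assumption, since the advisory names only 4.4.0-117.

```shell
#!/bin/sh
# Added example, not from the advisory: classify a host against its two checks.

# Print the ABI number N of a "4.4.0-N-generic" release string.
# Fails for other series and other flavours, whose numbering differs.
abi_of_44_generic() {
    case "$1" in
        4.4.0-[0-9]*-generic)
            rest=${1#4.4.0-}
            printf '%s\n' "${rest%%[!0-9]*}" ;;
        *) return 1 ;;
    esac
}

# assess RELEASE BPF_FLAG -> fixed | mitigated | exposed | unknown-kernel
#   RELEASE  : output of `uname -r`
#   BPF_FLAG : content of /proc/sys/kernel/unprivileged_bpf_disabled
assess() {
    if ! abi=$(abi_of_44_generic "$1"); then
        echo unknown-kernel      # the advisory gives no fixed version for this kernel
    elif [ "$abi" -ge 117 ]; then
        echo fixed               # assumption: later 4.4.0 builds keep the fix
    elif [ "$2" = 1 ]; then
        echo mitigated           # stop-gap applied, patched kernel not yet running
    else
        echo exposed
    fi
}

# Constructed sample inputs (release string, flag value).
for sample in "4.4.0-116-generic 0" "4.4.0-116-generic 1" "4.4.0-117-generic 0"; do
    set -- $sample
    printf '%-20s flag=%s -> %s\n' "$1" "$2" "$(assess "$1" "$2")"
done

# The live host: a missing flag file is reported as "absent".
flag=$(cat /proc/sys/kernel/unprivileged_bpf_disabled 2>/dev/null || echo absent)
printf 'this host: %s\n' "$(assess "$(uname -r)" "$flag")"
```

A value written through /proc does not survive a reboot, so a host that reports "mitigated" and is then rebooted into the same kernel reports "exposed" again until the flag is set once more or the patched kernel is running.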
Other solutions:
https://twitter.com/vnik5287/status/974439706896187392
all 4.4 ubuntu aws instances are vulnerable: echo "deb http://archive.ubuntu.com/ubuntu/ xenial-proposed restricted main multiverse universe" > /etc/apt/sources.list && apt update && apt install linux-image-4.4.0-117-generic