moneyslow.com

【高危漏洞预警】Ubuntu 16.04 内核本地提权漏洞

apt-get update 和 upgrade 的区别

apt-get update 和 upgrade 的区别

受影响范围:

Ubuntu 16.04 4.14 - 4.4 系列内核

阿里云解决方案:

1.缓解止血方案:

建议用户在评估风险后,通过修改内核参数缓解漏洞影响。

运行命令:#echo 1 > /proc/sys/kernel/unprivileged_bpf_disabled

完成缓解方案后,建议根据自身业务情况,再执行彻底解决方案。


2.彻底解决方案:

            经典网络环境下添加源:            

            # echo "deb http://mirrors.aliyuncs.com/ubuntu/ xenial-proposed main restricted universe multiverse" >> /etc/apt/sources.list

            VPC网络环境下添加源:

            # echo "deb http://mirrors.cloud.aliyuncs.com/ubuntu/ xenial-proposed main restricted universe multiverse" >> /etc/apt/sources.list

 

其他解决方案:

https://twitter.com/vnik5287/status/974439706896187392


all 4.4 ubuntu aws instances are vulnerable: echo "deb xenial-proposed restricted main multiverse universe" > /etc/apt/sources.list && apt update && apt install linux-image-4.4.0-117-generic

Exit mobile version