3

Today I decided to follow the steps to patch my server from the dirty c0w vulnerability.

It's running Ubuntu 12.04 LTS:

uname -rv
3.2.0-87-generic #125-Ubuntu SMP Fri Jun 19 08:25:10 UTC 2015
uname -a
Linux webdev 3.2.0-87-generic #125-Ubuntu SMP Fri Jun 19 08:25:10 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux

So, as every version prior to 3.2.0-113.155 is affected, I ran the following command:

sudo apt-get update && sudo apt-get upgrade && sudo apt-get dist-upgrade

Everything went fine, I rebooted:

sudo reboot

But now that I check my version, it has not changed:

uname -rv
3.2.0-87-generic #125-Ubuntu SMP Fri Jun 19 08:25:10 UTC 2015

Did I miss something? I double-checked and I didn't get any error during the upgrade.

Edit based on comments / answers

I ran sudo update-grub and got the following:

Generating grub.cfg ...
Warning: Setting GRUB_TIMEOUT to a non-zero value when GRUB_HIDDEN_TIMEOUT is set is no longer supported.
Found linux image: /boot/vmlinuz-3.2.0-87-generic
Found initrd image: /boot/initrd.img-3.2.0-87-generic
Found linux image: /boot/vmlinuz-3.2.0-86-generic
Found initrd image: /boot/initrd.img-3.2.0-86-generic
Found linux image: /boot/vmlinuz-3.2.0-85-generic
Found initrd image: /boot/initrd.img-3.2.0-85-generic
Found linux image: /boot/vmlinuz-3.2.0-84-generic
Found initrd image: /boot/initrd.img-3.2.0-84-generic
Found linux image: /boot/vmlinuz-3.2.0-83-generic
Found initrd image: /boot/initrd.img-3.2.0-83-generic
Found linux image: /boot/vmlinuz-3.2.0-82-generic
Found initrd image: /boot/initrd.img-3.2.0-82-generic
Found linux image: /boot/vmlinuz-3.2.0-80-generic
Found initrd image: /boot/initrd.img-3.2.0-80-generic
Found linux image: /boot/vmlinuz-3.2.0-79-generic
Found initrd image: /boot/initrd.img-3.2.0-79-generic
Found linux image: /boot/vmlinuz-2.6.32-38-server
Found initrd image: /boot/initrd.img-2.6.32-38-server
Found memtest86+ image: /memtest86+.bin
done

After a reboot still no change.

Ran dpkg --get-selections | grep linux and got:

libselinux1                                     install
linux-firmware                                  install
linux-headers-3.2.0-101                         install
linux-headers-3.2.0-101-generic                 install
linux-headers-3.2.0-102                         install
linux-headers-3.2.0-102-generic                 install
linux-headers-3.2.0-104                         install
linux-headers-3.2.0-104-generic                 install
linux-headers-3.2.0-106                         install
linux-headers-3.2.0-106-generic                 install
linux-headers-3.2.0-107                         install
linux-headers-3.2.0-107-generic                 install
linux-headers-3.2.0-109                         install
linux-headers-3.2.0-109-generic                 install
linux-headers-3.2.0-110                         install
linux-headers-3.2.0-110-generic                 install
linux-headers-3.2.0-111                         install
linux-headers-3.2.0-111-generic                 install
linux-headers-3.2.0-113                         install
linux-headers-3.2.0-113-generic                 install
linux-headers-3.2.0-86                          install
linux-headers-3.2.0-86-generic                  install
linux-headers-3.2.0-87                          install
linux-headers-3.2.0-87-generic                  install
linux-headers-3.2.0-89                          install
linux-headers-3.2.0-89-generic                  install
linux-headers-3.2.0-91                          install
linux-headers-3.2.0-91-generic                  install
linux-headers-3.2.0-92                          install
linux-headers-3.2.0-92-generic                  install
linux-headers-3.2.0-93                          install
linux-headers-3.2.0-93-generic                  install
linux-headers-3.2.0-94                          install
linux-headers-3.2.0-94-generic                  install
linux-headers-3.2.0-95                          install
linux-headers-3.2.0-95-generic                  install
linux-headers-3.2.0-96                          install
linux-headers-3.2.0-96-generic                  install
linux-headers-3.2.0-97                          install
linux-headers-3.2.0-97-generic                  install
linux-headers-3.2.0-98                          install
linux-headers-3.2.0-98-generic                  install
linux-headers-3.2.0-99                          install
linux-headers-3.2.0-99-generic                  install
linux-headers-server                            install
linux-image-2.6.32-38-server                    install
linux-image-3.2.0-79-generic                    install
linux-image-3.2.0-80-generic                    install
linux-image-3.2.0-82-generic                    install
linux-image-3.2.0-83-generic                    install
linux-image-3.2.0-84-generic                    install
linux-image-3.2.0-85-generic                    install
linux-image-3.2.0-86-generic                    install
linux-image-3.2.0-87-generic                    install
linux-libc-dev                                  install
util-linux                                      install

Seems like there are no new Linux images in that list.

However, when I ran sudo apt-cache policy linux-image-generic it listed the new version as a candidate (it's in French but you get it):

linux-image-generic:
  Installé : (aucun)
  Candidat : 3.2.0.113.129
 Table de version :
     3.2.0.113.129 0
        500 http://fr.archive.ubuntu.com/ubuntu/ precise-updates/main amd64 Packages
        500 http://security.ubuntu.com/ubuntu/ precise-security/main amd64 Packages
     3.2.0.23.25 0
        500 http://fr.archive.ubuntu.com/ubuntu/ precise/main amd64 Packages

3 Answers

3

Ok I finally managed to upgrade.

Here's how I did it.

Based on Ron's comment on my answer I decided to run:

sudo apt-get install linux-image-generic

That failed because of my /boot being full so I got rid of old versions by running:

sudo dpkg -r linux-image-3.2.0-79-generic
sudo dpkg -r linux-image-3.2.0-80-generic
sudo dpkg -r linux-image-3.2.0-82-generic
sudo dpkg -r linux-image-3.2.0-84-generic
sudo dpkg -r linux-image-3.2.0-85-generic

After that I ran:

sudo apt-get upgrade -f

Then reboot:

sudo reboot

And now, I'm running a "safe" version:

uname -rv
3.2.0-113-generic #155-Ubuntu SMP Tue Oct 18 17:53:59 UTC 2016

However, I still have no idea why running the following never worked:

sudo apt-get update && sudo apt-get upgrade && sudo apt-get dist-upgrade
  • To answer your last question, my hunch is because /boot was full, automatic kernel updates stopped after revision 87... – WinEunuuchs2Unix Oct 27 '16 at 11:16
  • @WinEunuuchs2Unix that's what I assumed too, I just found it weird that I never got the /boot is full error until I ran sudo apt-get install linux-image-generic – Raph Petrini Oct 27 '16 at 11:17
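
A check for the situation in this question, as an added example (not code from the original posts): it classifies why a 3.2.0-series host still runs a kernel older than the 3.2.0-113 build named on this page, including the case visible in the `apt-cache policy` output above, where `linux-image-generic` is not installed and so nothing depends on newer `linux-image-*` packages. The function names, result labels and `SAMPLE` (a constructed excerpt of the `dpkg --get-selections` listing) are assumptions.

```shell
#!/bin/sh
# Fixed ABI for Ubuntu 12.04's 3.2.0 series, per the page: 3.2.0-113.155.
FIXED_ABI=113

# abi_of RELEASE: print the ABI number of a "3.2.0-<abi>-<flavour>" string.
abi_of() {
    case "$1" in
        3.2.0-*) rest=${1#3.2.0-}; abi=${rest%%-*} ;;
        *) return 1 ;;
    esac
    case "$abi" in ''|*[!0-9]*) return 1 ;; esac
    printf '%s\n' "$abi"
}

# is_patched RELEASE: succeed when the release is at or above the fixed ABI.
is_patched() {
    abi=$(abi_of "$1") || return 2
    [ "$abi" -ge "$FIXED_ABI" ]
}

# Reads `dpkg --get-selections` on stdin; prints the highest installed
# linux-image-3.2.0-<abi>-* ABI, or 0 when none is installed.
newest_image_abi() {
    awk '$2 == "install" && $1 ~ /^linux-image-3\.2\.0-[0-9]+-/ {
             split($1, p, "-"); if (p[4] + 0 > max) max = p[4] + 0 }
         END { print max + 0 }'
}

# Reads the same listing; succeeds if a kernel image metapackage is installed.
has_image_metapackage() {
    awk '$2 == "install" && $1 ~ /^linux-(image-)?(generic|server)$/ { found = 1 }
         END { exit !found }'
}

# diagnose RELEASE < selections: ok | reboot-needed | no-metapackage | image-missing
diagnose() {
    sel=$(cat)
    if is_patched "$1"; then echo ok; return; fi
    newest=$(printf '%s\n' "$sel" | newest_image_abi)
    if [ "$newest" -ge "$FIXED_ABI" ]; then echo reboot-needed
    elif ! printf '%s\n' "$sel" | has_image_metapackage; then echo no-metapackage
    else echo image-missing; fi
}

# Constructed sample: headers track -113 via linux-headers-server, images stop at -87.
SAMPLE='linux-headers-3.2.0-113-generic                 install
linux-headers-server                            install
linux-image-3.2.0-86-generic                    install
linux-image-3.2.0-87-generic                    install'
printf '%s\n' "$SAMPLE" | diagnose 3.2.0-87-generic   # on a real host: dpkg --get-selections | diagnose "$(uname -r)"
```

A result of `image-missing` means a metapackage is present but the fixed image never landed, which is where a full /boot (check with `df -h /boot`) is worth ruling out.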
2

Your uname -rv reveals your current kernel as:

3.2.0-87-generic #125-Ubuntu SMP Fri Jun 19 08:25:10 UTC 2015

The date is June 19, 2015 -- over one year old!

According to this: What is dirty COW bug that allows local user to gain administrative access? you should be using 3.2.0-113. I'm not sure how many kernel upgrades you've missed, but probably lots over 16 months (subtracting 87 from 113 = 26).

Since everyone and their dog in the Linux world has heard about Dirty COW by now you should put version 3.2.0-113 in ASAP. Until you find out why your Kernel hasn't been upgrading you can install the kernel manually. You didn't use uname -a so it's unknown if you are on 32-bit or 64-bit but I'll give the instructions for both.

Install Dirty COW fix for Ubuntu 32-Bit Generic

Go to: precise-updates/i386/linux-image-3.2.0-113 and select the link for your country to download the file. Your browser may give you a warning message. In Chrome click Keep.

The file is usually downloaded to your ~/Downloads directory but your browser can be user-configured for any location. We'll assume it's ~/Downloads so type the following:

cd ~/Downloads
sudo dpkg -i linux-image-3.2.0-113-generic_3.2.0-113.155_i386.deb
rm linux-image-3.2.0-113-generic_3.2.0-113.155_i386.deb
sudo reboot

Install Dirty COW fix for Ubuntu 64-Bit Generic

Go to: precise-updates/amd64/linux-image-3.2.0-113 and select the link for your country to download the file. Your browser may give you a warning message. In Chrome click Keep.

The file is usually downloaded to your ~/Downloads directory but your browser can be user-configured for any location. We'll assume it's ~/Downloads so type the following:

cd ~/Downloads
sudo dpkg -i linux-image-3.2.0-113-generic_3.2.0-113.155_amd64.deb
rm linux-image-3.2.0-113-generic_3.2.0-113.155_amd64.deb
sudo reboot

After rebooting type uname -a to confirm you are on Kernel version 3.2.0-113.

1

Maybe GRUB was not updated properly after running the commands.
Execute: sudo update-grub. Reboot the system and check it again.

In case the old kernel booted again, check whether the new one was installed:
Execute the following command: dpkg --get-selections | grep linux

cl-netbox
  • See my edited question – Raph Petrini Oct 27 '16 at 07:35
  • Got it working see my answer – Raph Petrini Oct 27 '16 at 08:50
  • @RaphPetrini : I was just about to update my answer with these instructions ... I am glad that you solved it, but I would have suggested to purge all old headers and images except for the current and the one before to have a clean setup : sudo apt purge linux-headers-X linux-headers-X-generic linux-image-X-generic | ... note : replace X with the version numbers ! :) – cl-netbox Oct 27 '16 at 10:13
  • Thanks for the comment. I actually tried using sudo apt purge for those old headers. The command worked but my boot folder was still full. Using dpkg -r solved my issue – Raph Petrini Oct 27 '16 at 10:15