A new flaw has been discovered in the Linux operating system, and judging from its guest appearance in the Daily Mail headlines, it’s bad in more ways than one. The good news is that patches are either available or being worked on. If this all seems hella confusing and you just want to know what you have to do, then read on!
The ‘zero-day local privilege escalation vulnerability’, which has the catchy name of CVE-2016-0728, was discovered knocking around in the keyring part of the Linux operating system by the Perception Point research team. It affects kernel versions higher than 3.8, so anyone on CentOS 7, Debian 8 or Ubuntu 14 onwards will want to look sharp.
What this translates to, according to Perception Point, is that it could have “implications for approximately tens of millions of Linux PCs and servers, and 66 percent of all Android devices (phones/tablets)” and would, in theory at least, give attackers control of systems.
As it’s a local exploit, rather than a remote one, it’s not on the same horror scale as Heartbleed or Shellshock. Think Tarantino, not Saw. The attacker would also need another way of worming into your server before they get a chance to run this exploit, so ensuring the rest of your system is as secure as possible – as always, though particularly until a patch is issued – is vital.
More good news is that security teams across the board are on it, and once Red Hat releases a patch, users just need to update their systems and should be OK – the speedy chaps over at Debian and Ubuntu have already released patches for their operating systems!
So keep an eye out for more news, alert your security guys if you have them, and in the meantime best practices apply – use strong passwords and keep all your CMSs (WordPress, Joomla and whatnot) up to date so the bad guys don’t get a chance to try and mess you up.
Another thing to note is that these things happen pretty regularly – we’re just flagging this one up because it’s been in the news and we don’t want anyone to panic!
*UPDATE – Red Hat has now also issued a patch*
One of our clients? Need a hand with the update? We’re here to help – just give us a call.