Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Does CPanel automatically patch / upgrade Kernel Vulnerabilities.

Discussion in 'General Discussion' started by infra001, Dec 21, 2008.

  1. infra001

    infra001 Registered

    Joined:
    Oct 20, 2004
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    151
    Hi there :)

    I have a CPanel server running CPanel 11.

    Details follow:

    Code:
    WHM 11.23.2 cPanel 11.23.6-S27698
    FEDORA 5 i686 on standard - WHM X v3.1.0 
    My server has been up just under a year, and I'm worried there could be an issue with the Kernel now, however I can't see to find any updates for it - so I'm assuming it's safe (..but would rather be 100% sure)

    System information follow:

    Code:
    root@removed [~]# uptime
     16:23:12 up 317 days,  8:00,  1 user,  load average: 0.49, 0.60, 0.51
    
    root@removed [~]# uname -a
    Linux some-secret-domain.com 2.6.20-1.2320.fc5smp #1 SMP Tue Jun 12 19:40:16 EDT 2007 i686 i686 i386 GNU/Linux
    
    Thanks for your input / help.
     
  2. zigzam

    zigzam Well-Known Member

    Joined:
    May 9, 2005
    Messages:
    206
    Likes Received:
    0
    Trophy Points:
    166
    It does not upgrade your kernel.

    You can use Yum to upgrade it if using Centos, but if you dont know what you are doing I would recommend getting a professional to do it for you.

    Also your kernel is very old and should be upgraded ASAP.
     
  3. sirotex

    sirotex Well-Known Member

    Joined:
    Jul 10, 2008
    Messages:
    121
    Likes Received:
    0
    Trophy Points:
    66
    Really you shouldn't use the default kernel anyways. Use grsec for linux.
     
  4. infra001

    infra001 Registered

    Joined:
    Oct 20, 2004
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    151
    I know this isn't really the place to ask, but I tried checking with Yum if there was a new Kernel. It seems I am running the latest... Which is well over a year old.

    As there's no newer version, would it be safe to assume that the kernel I'm running is therefore secure?

    My Kernel: 2.6.20-1.2320.fc5smp #1 SMP

    Code:
    root@secret [/etc/yum.repos.d]# yum search kernel |grep 2.6
    kernel-smp.i686                          2.6.15-1.2054_FC5      core
    kernel-xenU.i686                         2.6.15-1.2054_FC5      core
    cman-kernel-smp.i686                     2.6.15.1-0.FC5.16      core
    kernel-xen0-devel.i686                   2.6.15-1.2054_FC5      core
    GFS-kernel-smp.i686                      2.6.15.1-5.FC5.17      core
    gnbd-kernel-xen0.i686                    2.6.15-5.FC5.23        core
    GFS-kernel-xenU.i686                     2.6.15.1-5.FC5.17      core
    GFS-kernheaders.i686                     2.6.15.1-5.FC5.17      core
    iproute.i386                             2.6.15-1.2             core
    capabilities of the Linux 2.4.x and 2.6.x kernel.
    kernel-doc.noarch                        2.6.15-1.2054_FC5      core
    cman-kernheaders.i686                    2.6.15.1-0.FC5.16      core
    cman-kernel-xen0.i686                    2.6.15.1-0.FC5.16      core
    GFS-kernel-xen0.i686                     2.6.15.1-5.FC5.17      core
    kernel-xenU-devel.i686                   2.6.15-1.2054_FC5      core
    kernel.i686                              2.6.15-1.2054_FC5      core
    must be used. In the 2.6 series other device names may be used as
    gnbd-kernel-xenU.i686                    2.6.15-5.FC5.23        core
    kernel.i586                              2.6.15-1.2054_FC5      core
    User space tools for 2.6 kernel auditing.
    the audit subsystem in the Linux 2.6 kernel.
    kernel-devel.i686                        2.6.15-1.2054_FC5      core
    cman-kernel-xenU.i686                    2.6.15.1-0.FC5.16      core
    dlm-kernel-smp.i686                      2.6.15.1-0.FC5.14      core
    kernel-devel.i586                        2.6.15-1.2054_FC5      core
    kernel-kdump-devel.i686                  2.6.15-1.2054_FC5      core
    cman-kernel.i686                         2.6.15.1-0.FC5.16      core
    gnbd-kernel.i686                         2.6.15-5.FC5.23        core
    dlm-kernel.i686                          2.6.15.1-0.FC5.14      core
    kernel-smp-devel.i686                    2.6.15-1.2054_FC5      core
    kernel-kdump.i686                        2.6.15-1.2054_FC5      core
    gnbd-kernheaders.i686                    2.6.15-5.FC5.23        core
    dlm-kernheaders.i686                     2.6.15.1-0.FC5.14      core
    kernel-xen0.i686                         2.6.15-1.2054_FC5      core
    dlm-kernel-xen0.i686                     2.6.15.1-0.FC5.14      core
    gnbd-kernel-smp.i686                     2.6.15-5.FC5.23        core
    GFS-kernel.i686                          2.6.15.1-5.FC5.17      core
    dlm-kernel-xenU.i686                     2.6.15.1-0.FC5.14      core
    version 2.6.21, the kernel no longer has a fixed 1000Hz timer tick. This
    version 2.6.21, the kernel no longer has a fixed 1000Hz timer tick. This
    In the 2.6 series any device node the understands a SCSI command set
    kernel.i686                              2.6.20-1.2316.fc5      installed
    iproute.i386                             2.6.16-1.fc5           installed
    capabilities of the Linux 2.4.x and 2.6.x kernel.
    kernel-smp.i686                          2.6.20-1.2320.fc5      installed
    kernel-smp.i686                          2.6.20-1.2316.fc5      installed
    
     
  5. Voltar

    Voltar Well-Known Member

    Joined:
    Apr 30, 2007
    Messages:
    267
    Likes Received:
    1
    Trophy Points:
    168
    Location:
    Bakersfield, California
    You're running Fedora 5, which hasn't been supported for a while now I believe. I doubt that there will be any new updates for the kernel, and I wouldn't consider it secure either.

    You might want to look into updating to a distribution that has a longer life cycle, like CentOS.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. infra001

    infra001 Registered

    Joined:
    Oct 20, 2004
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    151
    Upgrading the distribution would be a royal pain in the ass, especially at this time of the year.

    Is there any Custom Kernels you could recommend that won't fubar CPanel?
     
  7. Voltar

    Voltar Well-Known Member

    Joined:
    Apr 30, 2007
    Messages:
    267
    Likes Received:
    1
    Trophy Points:
    168
    Location:
    Bakersfield, California
    You could compile a recent kernel with grsec and use that.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  8. StevenC

    StevenC Well-Known Member

    Joined:
    Jan 1, 2004
    Messages:
    252
    Likes Received:
    0
    Trophy Points:
    166
    Upgrading the operating system really isn't all that hard or time consuming.

    But if your going to need to compile a kernel from scratch. Be it a vanilla kernel or a kernel with grsecurity added to it.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  9. infra001

    infra001 Registered

    Joined:
    Oct 20, 2004
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    151
    Thanks for all your help, I decided I'm just going to attach a KVMoIP and upgrade the kernel remotely. Might think about a OS upgrade after the holidays.
     
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice