Re: vulnerability in 8.6

[Mike Oliver <mike@mopmeat.net>]

Can we confirm whether or not the kernel is already installed? Is the 
newest version in the kernel in /boot? It's unclear from what's been 
said if the system has even been rebooted into the updated kernel.


On 11/07/2016 08:55 AM, Eduardo M KALINOWSKI wrote:
> On Seg, 07 Nov 2016, Ozgur wrote:
> > I updated the Debian system and again exploit it successful.
>
> No, you didn't. (Well, kinda)
>
> > $ uname -ar
> > Linux x 3.16.0-4-amd64 #1 SMP Debian 3.16.36-1+deb8u1 (2016-09-03) 
> > x86_64
> > GNU/Linux
>
> That's not the latest version, and specifically is not the one in 
> which that vulnerability was fixed. You should have version 
> 3.16.36-1+deb8u2 .
>
> > ~$ cat /etc/apt/sources.list
> >
> > deb http://security.debian.org/ jessie/updates main contrib
> > deb-src http://security.debian.org/ jessie/updates main contrib
> >
> > deb http://ftp.debian.org/debian/ jessie-updates main contrib
> > deb-src http://ftp.debian.org/debian/ jessie-updates main contrib
> >
> > deb http://ftp.debian.org/debian/ jessie main contrib
> > deb-src http://ftp.debian.org/debian/ jessie main contrib
>
> Your sources seem correct, though. What does "apt-cache policy 
> linux-image-3.16.0-4-amd64" says?