Print
Category: TufinOS

Tufin has released a Security Announcement regarding "Dirty COW" (CVE-2016-5195)


Background:

A race condition has been found in the way the Linux kernel's memory subsystem handles the copy-on-write (COW) breakage of private read-only memory mappings.
An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings, and thus increase their privileges on the system.

Vulnerable Systems:

All versions of TufinOS are affected: TufinOS 1.8 - 1.22 as well as 2.00 - 2.12
Installations using Red Hat Enterprise Linux and CentOS are affected also. Please find a patch on the website of the Linux distribution itself.

Remediation:

Tufin will publish a fix for TufinOS 2.12 on November, 2nd. A fix for TufinOS 1.22 will be published after Red Hat has published a fix for RHEL 5.
If you are not running the latest version of TufinOS, you should upgrade to be able to install the fix.

 

Update (20161102):

The fix for TufinOS 2.x is included in TufinOS 2.13 which is available since November, 1st.
A patch for TufinOS 2.12 will be released on November, 6th. This is relevant if an update to TufinOS 2.13 isn't possilble.

Update (20161104):

The fix for TufinOS 1.x is included in TufinOS 1.23 which is available since November, 4th. An upgrade to this version is recommended if still TufinOS 1.x is used.
Please be aware that TufinOS 1.x reaches its End of Live (EOL) on March 31st, 2017 - as CentOS 5 does. After this date, no updates or security patches will be created for TufinOS 1.x, so upgrading to TufinOS 2.x before this date is recommended.