Kernel CVE
Overview
In version 3.4.4 of SFTP Gateway, or any version where you've run OS updates, you may be vulnerable to CVE-2023-3269.
CVE-2023-3269 is a vulnerability in the memory management subsystem of the Linux kernel that affects kernel versions 6.1 - 6.4.
For more information on the CVE, check out the Ubuntu Security Report and this article, which explains the CVE in more depth.
Note: We do not recommend updating the kernel unless you're receiving security alerts due to CVE-2023-3269.
VM Vulnerability Check
To check your current kernel version, you can run this command:
uname -r
If your kernel version falls within the vulnerable range, 6.1 - 6.4, you may want to consider upgrading the kernel to version 6.5.5 using the instructions below.
However, before making any kernel updates or changes, we recommend exporting a backup artifact of your Users and Settings, which you can do by following our article on the upgrade/recovery process for SFTP Gateway.
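The version-range check above, written as a script you can run on each VM instead of reading the `uname -r` output by eye. This is an added example, not part of the original article or of SFTP Gateway; the function names and the sample release strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a kernel release string against the 6.1 - 6.4
# range this page gives for CVE-2023-3269. Function names are hypothetical.

# in_affected_range RELEASE
# Returns 0 if RELEASE (uname -r format) is 6.1.x through 6.4.x,
# 1 if it is outside that range, 2 if it cannot be parsed.
in_affected_range() {
    release=$1
    # Require at least "digits.digits" at the start of the string.
    case $release in
        [0-9]*.[0-9]*) ;;
        *) return 2 ;;
    esac
    major=${release%%.*}          # text before the first dot
    rest=${release#*.}            # text after the first dot
    minor=${rest%%[!0-9]*}        # leading digits of that remainder
    case $major in *[!0-9]*) return 2 ;; esac
    [ -n "$minor" ] || return 2
    # Compare numerically so that 6.10 is not mistaken for 6.1.
    if [ "$major" -eq 6 ] && [ "$minor" -ge 1 ] && [ "$minor" -le 4 ]; then
        return 0
    fi
    return 1
}

# describe RELEASE: print a one-line verdict; always returns 0.
describe() {
    rc=0
    in_affected_range "$1" || rc=$?
    case $rc in
        0) echo "$1: inside 6.1 - 6.4, review the advisory" ;;
        1) echo "$1: outside 6.1 - 6.4" ;;
        *) echo "$1: unrecognised release string" ;;
    esac
}

# The running host first, then constructed sample release strings.
for r in "$(uname -r)" 6.2.0-1012-aws 5.15.0-1040-aws 6.5.5-060505-generic; do
    describe "$r"
done
```

A match only means the release number is in the range; distribution kernels can carry backported fixes without changing major.minor, so confirm against the vendor advisory before upgrading.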
Upgrading the Kernel Version
To upgrade the kernel to version 6.5.5, you will need to download the kernel image and modules, install them, and then reboot the VM.
First, elevate your privileges to root:
sudo su
Download the 6.5.5 kernel image and modules using wget:
wget https://kernel.ubuntu.com/~kernel-ppa/mainline/v6.5.5/amd64/linux-image-unsigned-6.5.5-060505-generic_6.5.5-060505.202309230703_amd64.deb
 
wget https://kernel.ubuntu.com/~kernel-ppa/mainline/v6.5.5/amd64/linux-modules-6.5.5-060505-generic_6.5.5-060505.202309230703_amd64.deb
Give the image and modules execute permissions:
chmod +x *
Install the kernel:
sudo dpkg --install *.deb
Reboot the VM:
reboot
Rerun the command to check your kernel version:
uname -r
You should now see this output, showing you're on kernel version 6.5.5:
Linux 6.5.5-060505-generic