Kernel Vulnerability in Ubuntu 8.04 and so Elyssa

Releases and other announcements
Forum rules
Section reserved for the team. You can reply to announcements here but not post new topics.

Kernel Vulnerability in Ubuntu 8.04 and so Elyssa

Postby Husse on Wed Jun 04, 2008 7:15 am

This kernel vulnerability could allow a local attacker to cause a system crash, leading to a DoS (Denial of Service)

Quoted from
http://news.softpedia.com/news/Kernel-V ... 7195.shtml
While it is bad it is not to serious if it really is limited to a local attacker
I would not recommend upgrading the kernel as Elyssa is Beta and it will literally break everything
The upgraded kernel should of course preferably be in the final version, but it is impossible at this late stage. We would have to start from scratch...
It is a serious vulnerability, but it can only be performed by a local attacker, not over the internet, so the danger may not be all that high.
I will do an update on a nvidia system and see how difficult it is to get back after an update
Image
Don't fix it if it ain't broken, don't break it if you can't fix it
Husse
Level 21
Level 21
 
Posts: 19714
Joined: Sun Feb 11, 2007 7:22 am
Location: Near Borås Sweden

Linux Mint is funded by ads and donations.
 

Re: Kernel Vulnerability in Ubuntu 8.04 and so Elyssa

Postby Husse on Thu Jun 05, 2008 5:54 pm

I updated the kernel and nothing happened more than that I now have linux-image-2.6.24-18-generic 2.6.24-18.32
Even the nvidia driver is ok...
It seems to be ok to temporarily allow level 4 and 5 in mintUpdate to be updated
But please note that
software such as VirtualBox will not work anymore, therefore you must recompile the kernel module by issuing a specific command in the terminal. Moreover, if you use the linux-restricted-modules package, you have to update it as well to get modules which work with the new Linux kernel version.

My nvidia driver is installed with Envy.... I have nothing installed with the restricted-modules at all
Image
Don't fix it if it ain't broken, don't break it if you can't fix it
Husse
Level 21
Level 21
 
Posts: 19714
Joined: Sun Feb 11, 2007 7:22 am
Location: Near Borås Sweden

Re: Kernel Vulnerability in Ubuntu 8.04 and so Elyssa

Postby Kynan on Thu Jun 05, 2008 7:39 pm

I tried the update as well and only one program broke "skype" but it was easily fixed by going to "edit" "fix broken packages" in synaptic.
Seems stable to me so far...no major perceivable differences.
Normal people believe that if it ain't broke, don't fix it.
Engineers believe that if it ain't broke, it doesn't have enough features yet.
Image
User avatar
Kynan
Level 4
Level 4
 
Posts: 246
Joined: Thu Oct 04, 2007 7:39 pm

Re: Kernel Vulnerability in Ubuntu 8.04 and so Elyssa

Postby Husse on Fri Jun 06, 2008 5:08 am

Well it broke wireless in my laptop (I can see my AP but not connect - a WPA problem)
This is as I stated not a very large problem, but can have large consequences in other areas
I should have stressed that an update can work, but that in general you should not take the risk that your system breaks for a vulnerability that is only local.
Image
Don't fix it if it ain't broken, don't break it if you can't fix it
Husse
Level 21
Level 21
 
Posts: 19714
Joined: Sun Feb 11, 2007 7:22 am
Location: Near Borås Sweden

Re: Kernel Vulnerability in Ubuntu 8.04 and so Elyssa

Postby AK Dave on Mon Jun 09, 2008 2:47 pm

My laptop has the -19 kernel from proposed. Will check WPA tonight and confirm wireless works and WPA works.
User avatar
AK Dave
Level 6
Level 6
 
Posts: 1043
Joined: Wed May 14, 2008 3:39 pm
Location: Anchorage, AK USA


Return to Releases & Announcements

Who is online

Users browsing this forum: No registered users and 2 guests