Page 1 of 1
Security alert for the kernel
Posted: Sun Nov 30, 2008 10:24 am
by Husse
Several more or less critical flaws has been patched on Thursday November 27
http://news.softpedia.com/news/Newly-Di ... 8864.shtml
Please not the following - quoted from Softpedia
ATTENTION:
Due to an unavoidable ABI change, the kernel packages have a new version number, which will force you to reinstall or recompile all third-party kernel modules you might have installed. For example, after the upgrade to the above version of your kernel package, a software such as VirtualBox will NOT work anymore, therefore you must recompile its kernel module by issuing a specific command in the terminal. Moreover, if you use the linux-restricted-modules package, you have to update it as well to get modules that work with the new Linux kernel version.
This means that Virtualbox, the graphics drivers for nivida and ATI and other programs will stop working after this update
There are nine errors fixed, one only affects 6.06 Dapper and so not Mint, seven can lead to a local DoS attack and one can lead to changes in a file (a bit more nasty)
Only two flaws can be used by a remote user and that is only for 8.10 Intrepid/Mint
It's up to you to decide if you want to update
The updates have not reached mintUpdate yet (per Novemeber 30th)
If you decide to update you do the following
First guard against a non working graphics card
In /etc/X11/xorg.conf change whatever driver you have in Section "Device" to "vesa"
Open mintUpdate and in Edit> Preferences enable level 4 and 5
Update
No guarantees are given that you get it going again - unfortunately
We prioritize stability - that's why level 4 and 5 are normally not visible and enabled
You should update to
• For Daryna, users should update their kernel packages to linux-image-2.6.22-16.60
• For Elyssa, users should update their kernel packages to linux-image-2.6.24-22.45
• ForFelica, users should update their kernel packages to linux-image-2.6.27-9.19
Re: Security alert for the kernel
Posted: Sun Nov 30, 2008 12:44 pm
by newW2
To upgrade the kernel in Felica to linux-image-2.6.27-9.19, mintUpdate didn't do it. I had to go into the package manager and selct:
Reload, then Mark All Upgrades, then Apply
Then (before reboot) gedit /boot/grub/menu.lst (any switches needed like no acpi, hpet=disable, etc).
Then reboot and update the graphic driver.
Re: Security alert for the kernel
Posted: Mon Dec 01, 2008 8:25 am
by linuxviolin
Husse wrote:It's up to you to decide if you want to update
I would rather say that we should/must make the update!
Ubuntu waited too long before the release of the patched kernel,
"Ubuntu's users were vulnerable for a much longer time than the users of other distros, in most cases by at least a month, and in one case by more than 6 months!" 
For some information you can see
here
So we should/must make the update!
P.S.= This is another reason for another base...
Re: Security alert for the kernel
Posted: Mon Dec 01, 2008 10:14 am
by phil
Just finished the update on two computers. It went without a hitch following Husse's instructions but broke audio on both computers. I haven't been able to find out why.
Re: Security alert for the kernel
Posted: Mon Dec 01, 2008 4:20 pm
by changturkey
linuxviolin wrote:Husse wrote:It's up to you to decide if you want to update
I would rather say that we should/must make the update!
Ubuntu waited too long before the release of the patched kernel,
"Ubuntu's users were vulnerable for a much longer time than the users of other distros, in most cases by at least a month, and in one case by more than 6 months!"
For some information you can see
here
So we should/must make the update!
P.S.= This is another reason for another base...
Another base to what? Debian?
Re: Security alert for the kernel
Posted: Tue Dec 02, 2008 5:19 am
by tawan
Husse wrote:First guard against a non working graphics card
In /etc/X11/xorg.conf change whatever driver you have in Section "Device" to "vesa"
as in do...
Code: Select all
cd .. cd .. && sudo gedit /etc/X11/xorg.conf
and change (in my case) ...
Code: Select all
Section "Device"
Identifier "Configured Video Device"
EndSection
to
Code: Select all
Section "Device"
Identifier "vesa"
EndSection
??
Re: Security alert for the kernel
Posted: Tue Dec 02, 2008 6:43 am
by Husse
Not quite
Section "Device"
Identifier "vesa"
EndSection
but
Code: Select all
Section "Device"
Identifier "Configured Video Device"
Driver "vesa"
EndSection
Identifier must (of course) be the same as in Section "Monitor"
Re: Security alert for the kernel
Posted: Wed Dec 03, 2008 8:28 am
by GrayWizardLinux
Thanks for the news Husse. But unfortunately I do not understand how to do this. I am using Daryna, and most stuff works. I guess this is another negative to using linux and also Ubuntu-based distros. As much as I love and am happy using Mint. I may have to leave all as is.
This is a bit depressing though...
Re: Security alert for the kernel
Posted: Wed Dec 03, 2008 8:08 pm
by Old Marcus
Is this stable enough to be worth updating to? Bit pointless having a secure system that doesn't boot...
Re: Security alert for the kernel
Posted: Wed Dec 03, 2008 8:52 pm
by GrayWizardLinux
Yes - that is my point too! Too bad.
Re: Security alert for the kernel
Posted: Thu Dec 04, 2008 7:27 am
by Husse
Bit pointless having a secure system that doesn't boot...
Yupp - and that's what you may get (not quite) but you will experience problems and as I wrote above it's mostly minor problems.
As I wrote above
Only two flaws can be used by a remote user and that is only for 8.10 Intrepid/Mint
So unless you have the Felicia RC I don't see an urgent need to take action
Re: Security alert for the kernel
Posted: Thu Dec 04, 2008 1:17 pm
by Old Marcus
I'm on Felicia, but if this is going to break my display, which I've worked hard to get working, I'm not going to bother.
Re: Security alert for the kernel
Posted: Wed Dec 10, 2008 11:55 am
by soup
Toshiba Equium A100-027 (on-board Intel graphics), dual-boot with Vista.
linux-image-2.6.27-9.19 wasn't shown in level 4 or 5 mintupdate (9/12/2008).
Followed the way newW2 did update (thanks newW2).
newW2 wrote:To upgrade the kernel in Felica to linux-image-2.6.27-9.19, mintUpdate didn't do it. I had to go into the package manager and selct:
Reload, then Mark All Upgrades, then Apply
Then (before reboot) gedit /boot/grub/menu.lst (any switches needed like no acpi, hpet=disable, etc).
Then reboot and update the graphic driver.
Didn't need to edit /boot/grub/menu.lst.
Rebooted fine.
No graphic drivers to update as far as I'm aware.
soup
Re: Security alert for the kernel
Posted: Thu Dec 11, 2008 7:17 am
by Husse
Intel graphics may not be affected, but from Fleicia/Intrepid there is a technique developed by Dell that automatically recompiles the video drivers (and other modules) after a kernel update. It's called DKMS
http://linux.dell.com/projects.shtml
Re: Security alert for the kernel
Posted: Fri Dec 12, 2008 8:48 pm
by AK Dave
In most cases, reverting to non-restricted video or using Envy to uninstall your custom-compiled nvidia/ATI drivers is a quick GUI fix. Reboot, then do the update, then reboot again. Then re-enable the restricted or Envy driver. If you had some other custom compiled kernel module, like maybe you recompiled your realtek wifi driver, you might need to repeat that job also. Not a big deal.
Re: Security alert for the kernel
Posted: Fri Dec 12, 2008 8:58 pm
by Husse
Not a big deal.
Well - true if you are used to it and expect it, but to be really user friendly you should not have to worry at all
The Dell invention DKMS is a step on the road
Re: Security alert for the kernel
Posted: Thu Jan 01, 2009 4:12 pm
by Guestman
Husse wrote:Not a big deal.
Well - true if you are used to it and expect it, but to be really user friendly you should not have to worry at all
The Dell invention DKMS is a step on the road
I am not sure this will solve the problems... And this adds yet another layer and can bring its own bugs with it...
Why complicate always something more? Like a number of things in Linux, but sometimes also elsewhere, for a so-called "comfort" of the user, "user friendly", we add this or that thing, then another etc ... and finally we are with always *more* problems... I'm not sure this is the better solution.
Maybe it would be smarter to take the time to do things of quality, take the time to test them, to have a good and genuine QA ... and remain K.I.S.S.
By adding still more complexity we finish with still more bugs, problems, less stability...
Re: Security alert for the kernel
Posted: Thu May 14, 2009 10:35 pm
by widget
Did you edit your /boot/grub/menu.lst? You may have updated but are still booting to the old kernal.
Re: Security alert for the kernel
Posted: Fri May 15, 2009 4:18 am
by Husse
This is no longer valid - outdated topic
Topic locked