Security alert for the kernel

Releases and other announcements.
Please don't post support questions here
Forum rules
Section reserved for the team. You can reply to announcements here but not post new topics. Do not add support questions to threads here, use the appropriate support forum instead.
Locked
Husse

Security alert for the kernel

Post by Husse »

Several more or less critical flaws has been patched on Thursday November 27
http://news.softpedia.com/news/Newly-Di ... 8864.shtml

Please not the following - quoted from Softpedia
ATTENTION: Due to an unavoidable ABI change, the kernel packages have a new version number, which will force you to reinstall or recompile all third-party kernel modules you might have installed. For example, after the upgrade to the above version of your kernel package, a software such as VirtualBox will NOT work anymore, therefore you must recompile its kernel module by issuing a specific command in the terminal. Moreover, if you use the linux-restricted-modules package, you have to update it as well to get modules that work with the new Linux kernel version.

This means that Virtualbox, the graphics drivers for nivida and ATI and other programs will stop working after this update

There are nine errors fixed, one only affects 6.06 Dapper and so not Mint, seven can lead to a local DoS attack and one can lead to changes in a file (a bit more nasty)
Only two flaws can be used by a remote user and that is only for 8.10 Intrepid/Mint

It's up to you to decide if you want to update

The updates have not reached mintUpdate yet (per Novemeber 30th)

If you decide to update you do the following
First guard against a non working graphics card
In /etc/X11/xorg.conf change whatever driver you have in Section "Device" to "vesa"
Open mintUpdate and in Edit> Preferences enable level 4 and 5
Update
No guarantees are given that you get it going again - unfortunately
We prioritize stability - that's why level 4 and 5 are normally not visible and enabled
You should update to
• For Daryna, users should update their kernel packages to linux-image-2.6.22-16.60
• For Elyssa, users should update their kernel packages to linux-image-2.6.24-22.45
• ForFelica, users should update their kernel packages to linux-image-2.6.27-9.19
User avatar
newW2
Level 5
Level 5
Posts: 821
Joined: Fri Apr 06, 2007 10:24 am
Location: USA

Re: Security alert for the kernel

Post by newW2 »

To upgrade the kernel in Felica to linux-image-2.6.27-9.19, mintUpdate didn't do it. I had to go into the package manager and selct:
Reload, then Mark All Upgrades, then Apply
Then (before reboot) gedit /boot/grub/menu.lst (any switches needed like no acpi, hpet=disable, etc).
Then reboot and update the graphic driver.
User avatar
linuxviolin
Level 8
Level 8
Posts: 2081
Joined: Tue Feb 27, 2007 6:55 pm
Location: France

Re: Security alert for the kernel

Post by linuxviolin »

Husse wrote:It's up to you to decide if you want to update
I would rather say that we should/must make the update!

Ubuntu waited too long before the release of the patched kernel, "Ubuntu's users were vulnerable for a much longer time than the users of other distros, in most cases by at least a month, and in one case by more than 6 months!" :twisted:

For some information you can see here

So we should/must make the update!

P.S.= This is another reason for another base... :roll:
Last edited by linuxviolin on Mon Dec 01, 2008 10:57 am, edited 2 times in total.
K.I.S.S. ===> "Keep It Simple, Stupid"
"Simplicity is the ultimate sophistication." (Leonardo da Vinci)
"Everything should be made as simple as possible, but no simpler." (Albert Einstein)
phil
Level 3
Level 3
Posts: 141
Joined: Sun Dec 30, 2007 12:46 pm
Location: Consejo, Belize, Central America

Re: Security alert for the kernel

Post by phil »

Just finished the update on two computers. It went without a hitch following Husse's instructions but broke audio on both computers. I haven't been able to find out why.
changturkey

Re: Security alert for the kernel

Post by changturkey »

linuxviolin wrote:
Husse wrote:It's up to you to decide if you want to update
I would rather say that we should/must make the update!

Ubuntu waited too long before the release of the patched kernel, "Ubuntu's users were vulnerable for a much longer time than the users of other distros, in most cases by at least a month, and in one case by more than 6 months!" :twisted:

For some information you can see here

So we should/must make the update!

P.S.= This is another reason for another base... :roll:
Another base to what? Debian?
tawan

Re: Security alert for the kernel

Post by tawan »

Husse wrote:First guard against a non working graphics card
In /etc/X11/xorg.conf change whatever driver you have in Section "Device" to "vesa"
as in do...

Code: Select all

cd .. cd .. && sudo gedit /etc/X11/xorg.conf
and change (in my case) ...

Code: Select all

Section "Device"
	Identifier	"Configured Video Device"
EndSection
to

Code: Select all

Section "Device"
	Identifier	"vesa"
EndSection
?? :?
Husse

Re: Security alert for the kernel

Post by Husse »

Not quite
Section "Device"
Identifier "vesa"
EndSection
but

Code: Select all

    Section "Device"
       Identifier   "Configured Video Device"
       Driver   "vesa"
    EndSection
Identifier must (of course) be the same as in Section "Monitor"
User avatar
GrayWizardLinux
Level 6
Level 6
Posts: 1232
Joined: Wed Sep 12, 2007 5:47 pm
Location: Anywhere I Am!

Re: Security alert for the kernel

Post by GrayWizardLinux »

Thanks for the news Husse. But unfortunately I do not understand how to do this. I am using Daryna, and most stuff works. I guess this is another negative to using linux and also Ubuntu-based distros. As much as I love and am happy using Mint. I may have to leave all as is.

This is a bit depressing though... :( :x :(
Linux Mint - Pure Bliss!
Old Marcus

Re: Security alert for the kernel

Post by Old Marcus »

Is this stable enough to be worth updating to? Bit pointless having a secure system that doesn't boot... :roll:
User avatar
GrayWizardLinux
Level 6
Level 6
Posts: 1232
Joined: Wed Sep 12, 2007 5:47 pm
Location: Anywhere I Am!

Re: Security alert for the kernel

Post by GrayWizardLinux »

Yes - that is my point too! Too bad.
Linux Mint - Pure Bliss!
Husse

Re: Security alert for the kernel

Post by Husse »

Bit pointless having a secure system that doesn't boot... :roll:
Yupp - and that's what you may get (not quite) but you will experience problems and as I wrote above it's mostly minor problems.
As I wrote above
Only two flaws can be used by a remote user and that is only for 8.10 Intrepid/Mint
So unless you have the Felicia RC I don't see an urgent need to take action
Old Marcus

Re: Security alert for the kernel

Post by Old Marcus »

I'm on Felicia, but if this is going to break my display, which I've worked hard to get working, I'm not going to bother.
soup

Re: Security alert for the kernel

Post by soup »

Toshiba Equium A100-027 (on-board Intel graphics), dual-boot with Vista.
linux-image-2.6.27-9.19 wasn't shown in level 4 or 5 mintupdate (9/12/2008).
Followed the way newW2 did update (thanks newW2).
newW2 wrote:To upgrade the kernel in Felica to linux-image-2.6.27-9.19, mintUpdate didn't do it. I had to go into the package manager and selct:
Reload, then Mark All Upgrades, then Apply
Then (before reboot) gedit /boot/grub/menu.lst (any switches needed like no acpi, hpet=disable, etc).
Then reboot and update the graphic driver.
Didn't need to edit /boot/grub/menu.lst.
Rebooted fine.
No graphic drivers to update as far as I'm aware.
soup
Husse

Re: Security alert for the kernel

Post by Husse »

Intel graphics may not be affected, but from Fleicia/Intrepid there is a technique developed by Dell that automatically recompiles the video drivers (and other modules) after a kernel update. It's called DKMS
http://linux.dell.com/projects.shtml
AK Dave

Re: Security alert for the kernel

Post by AK Dave »

In most cases, reverting to non-restricted video or using Envy to uninstall your custom-compiled nvidia/ATI drivers is a quick GUI fix. Reboot, then do the update, then reboot again. Then re-enable the restricted or Envy driver. If you had some other custom compiled kernel module, like maybe you recompiled your realtek wifi driver, you might need to repeat that job also. Not a big deal.
Husse

Re: Security alert for the kernel

Post by Husse »

Not a big deal.
Well - true if you are used to it and expect it, but to be really user friendly you should not have to worry at all
The Dell invention DKMS is a step on the road
Guestman

Re: Security alert for the kernel

Post by Guestman »

Husse wrote:
Not a big deal.
Well - true if you are used to it and expect it, but to be really user friendly you should not have to worry at all
The Dell invention DKMS is a step on the road
I am not sure this will solve the problems... And this adds yet another layer and can bring its own bugs with it...
Why complicate always something more? Like a number of things in Linux, but sometimes also elsewhere, for a so-called "comfort" of the user, "user friendly", we add this or that thing, then another etc ... and finally we are with always *more* problems... I'm not sure this is the better solution. :roll:

Maybe it would be smarter to take the time to do things of quality, take the time to test them, to have a good and genuine QA ... and remain K.I.S.S.

By adding still more complexity we finish with still more bugs, problems, less stability...
widget

Re: Security alert for the kernel

Post by widget »

Did you edit your /boot/grub/menu.lst? You may have updated but are still booting to the old kernal.
Husse

Re: Security alert for the kernel

Post by Husse »

This is no longer valid - outdated topic
Topic locked
Locked

Return to “Releases & Announcements”