Security alert for the kernel
Forum rules
Section reserved for the team. You can reply to announcements here but not post new topics. Do not add support questions to threads here, use the appropriate support forum instead.
Section reserved for the team. You can reply to announcements here but not post new topics. Do not add support questions to threads here, use the appropriate support forum instead.
Security alert for the kernel
Several more or less critical flaws has been patched on Thursday November 27
http://news.softpedia.com/news/Newly-Di ... 8864.shtml
Please not the following - quoted from Softpedia
ATTENTION: Due to an unavoidable ABI change, the kernel packages have a new version number, which will force you to reinstall or recompile all third-party kernel modules you might have installed. For example, after the upgrade to the above version of your kernel package, a software such as VirtualBox will NOT work anymore, therefore you must recompile its kernel module by issuing a specific command in the terminal. Moreover, if you use the linux-restricted-modules package, you have to update it as well to get modules that work with the new Linux kernel version.
This means that Virtualbox, the graphics drivers for nivida and ATI and other programs will stop working after this update
There are nine errors fixed, one only affects 6.06 Dapper and so not Mint, seven can lead to a local DoS attack and one can lead to changes in a file (a bit more nasty)
Only two flaws can be used by a remote user and that is only for 8.10 Intrepid/Mint
It's up to you to decide if you want to update
The updates have not reached mintUpdate yet (per Novemeber 30th)
If you decide to update you do the following
First guard against a non working graphics card
In /etc/X11/xorg.conf change whatever driver you have in Section "Device" to "vesa"
Open mintUpdate and in Edit> Preferences enable level 4 and 5
Update
No guarantees are given that you get it going again - unfortunately
We prioritize stability - that's why level 4 and 5 are normally not visible and enabled
You should update to
• For Daryna, users should update their kernel packages to linux-image-2.6.22-16.60
• For Elyssa, users should update their kernel packages to linux-image-2.6.24-22.45
• ForFelica, users should update their kernel packages to linux-image-2.6.27-9.19
http://news.softpedia.com/news/Newly-Di ... 8864.shtml
Please not the following - quoted from Softpedia
ATTENTION: Due to an unavoidable ABI change, the kernel packages have a new version number, which will force you to reinstall or recompile all third-party kernel modules you might have installed. For example, after the upgrade to the above version of your kernel package, a software such as VirtualBox will NOT work anymore, therefore you must recompile its kernel module by issuing a specific command in the terminal. Moreover, if you use the linux-restricted-modules package, you have to update it as well to get modules that work with the new Linux kernel version.
This means that Virtualbox, the graphics drivers for nivida and ATI and other programs will stop working after this update
There are nine errors fixed, one only affects 6.06 Dapper and so not Mint, seven can lead to a local DoS attack and one can lead to changes in a file (a bit more nasty)
Only two flaws can be used by a remote user and that is only for 8.10 Intrepid/Mint
It's up to you to decide if you want to update
The updates have not reached mintUpdate yet (per Novemeber 30th)
If you decide to update you do the following
First guard against a non working graphics card
In /etc/X11/xorg.conf change whatever driver you have in Section "Device" to "vesa"
Open mintUpdate and in Edit> Preferences enable level 4 and 5
Update
No guarantees are given that you get it going again - unfortunately
We prioritize stability - that's why level 4 and 5 are normally not visible and enabled
You should update to
• For Daryna, users should update their kernel packages to linux-image-2.6.22-16.60
• For Elyssa, users should update their kernel packages to linux-image-2.6.24-22.45
• ForFelica, users should update their kernel packages to linux-image-2.6.27-9.19
Re: Security alert for the kernel
To upgrade the kernel in Felica to linux-image-2.6.27-9.19, mintUpdate didn't do it. I had to go into the package manager and selct:
Reload, then Mark All Upgrades, then Apply
Then (before reboot) gedit /boot/grub/menu.lst (any switches needed like no acpi, hpet=disable, etc).
Then reboot and update the graphic driver.
Reload, then Mark All Upgrades, then Apply
Then (before reboot) gedit /boot/grub/menu.lst (any switches needed like no acpi, hpet=disable, etc).
Then reboot and update the graphic driver.
- linuxviolin
- Level 8
- Posts: 2081
- Joined: Tue Feb 27, 2007 6:55 pm
- Location: France
Re: Security alert for the kernel
I would rather say that we should/must make the update!Husse wrote:It's up to you to decide if you want to update
Ubuntu waited too long before the release of the patched kernel, "Ubuntu's users were vulnerable for a much longer time than the users of other distros, in most cases by at least a month, and in one case by more than 6 months!"
For some information you can see here
So we should/must make the update!
P.S.= This is another reason for another base...
Last edited by linuxviolin on Mon Dec 01, 2008 10:57 am, edited 2 times in total.
K.I.S.S. ===> "Keep It Simple, Stupid"
"Simplicity is the ultimate sophistication." (Leonardo da Vinci)
"Everything should be made as simple as possible, but no simpler." (Albert Einstein)
"Simplicity is the ultimate sophistication." (Leonardo da Vinci)
"Everything should be made as simple as possible, but no simpler." (Albert Einstein)
-
- Level 3
- Posts: 141
- Joined: Sun Dec 30, 2007 12:46 pm
- Location: Consejo, Belize, Central America
Re: Security alert for the kernel
Just finished the update on two computers. It went without a hitch following Husse's instructions but broke audio on both computers. I haven't been able to find out why.
Re: Security alert for the kernel
Another base to what? Debian?linuxviolin wrote:I would rather say that we should/must make the update!Husse wrote:It's up to you to decide if you want to update
Ubuntu waited too long before the release of the patched kernel, "Ubuntu's users were vulnerable for a much longer time than the users of other distros, in most cases by at least a month, and in one case by more than 6 months!"
For some information you can see here
So we should/must make the update!
P.S.= This is another reason for another base...
Re: Security alert for the kernel
as in do...Husse wrote:First guard against a non working graphics card
In /etc/X11/xorg.conf change whatever driver you have in Section "Device" to "vesa"
Code: Select all
cd .. cd .. && sudo gedit /etc/X11/xorg.conf
Code: Select all
Section "Device"
Identifier "Configured Video Device"
EndSection
Code: Select all
Section "Device"
Identifier "vesa"
EndSection
Re: Security alert for the kernel
Not quite
Identifier must (of course) be the same as in Section "Monitor"
butSection "Device"
Identifier "vesa"
EndSection
Code: Select all
Section "Device"
Identifier "Configured Video Device"
Driver "vesa"
EndSection
- GrayWizardLinux
- Level 6
- Posts: 1232
- Joined: Wed Sep 12, 2007 5:47 pm
- Location: Anywhere I Am!
Re: Security alert for the kernel
Thanks for the news Husse. But unfortunately I do not understand how to do this. I am using Daryna, and most stuff works. I guess this is another negative to using linux and also Ubuntu-based distros. As much as I love and am happy using Mint. I may have to leave all as is.
This is a bit depressing though...
This is a bit depressing though...
Linux Mint - Pure Bliss!
Re: Security alert for the kernel
Is this stable enough to be worth updating to? Bit pointless having a secure system that doesn't boot...
- GrayWizardLinux
- Level 6
- Posts: 1232
- Joined: Wed Sep 12, 2007 5:47 pm
- Location: Anywhere I Am!
Re: Security alert for the kernel
Yupp - and that's what you may get (not quite) but you will experience problems and as I wrote above it's mostly minor problems.Bit pointless having a secure system that doesn't boot...
As I wrote above
Only two flaws can be used by a remote user and that is only for 8.10 Intrepid/Mint
So unless you have the Felicia RC I don't see an urgent need to take action
Re: Security alert for the kernel
I'm on Felicia, but if this is going to break my display, which I've worked hard to get working, I'm not going to bother.
Re: Security alert for the kernel
Toshiba Equium A100-027 (on-board Intel graphics), dual-boot with Vista.
linux-image-2.6.27-9.19 wasn't shown in level 4 or 5 mintupdate (9/12/2008).
Followed the way newW2 did update (thanks newW2).
Rebooted fine.
No graphic drivers to update as far as I'm aware.
soup
linux-image-2.6.27-9.19 wasn't shown in level 4 or 5 mintupdate (9/12/2008).
Followed the way newW2 did update (thanks newW2).
Didn't need to edit /boot/grub/menu.lst.newW2 wrote:To upgrade the kernel in Felica to linux-image-2.6.27-9.19, mintUpdate didn't do it. I had to go into the package manager and selct:
Reload, then Mark All Upgrades, then Apply
Then (before reboot) gedit /boot/grub/menu.lst (any switches needed like no acpi, hpet=disable, etc).
Then reboot and update the graphic driver.
Rebooted fine.
No graphic drivers to update as far as I'm aware.
soup
Re: Security alert for the kernel
Intel graphics may not be affected, but from Fleicia/Intrepid there is a technique developed by Dell that automatically recompiles the video drivers (and other modules) after a kernel update. It's called DKMS
http://linux.dell.com/projects.shtml
http://linux.dell.com/projects.shtml
Re: Security alert for the kernel
In most cases, reverting to non-restricted video or using Envy to uninstall your custom-compiled nvidia/ATI drivers is a quick GUI fix. Reboot, then do the update, then reboot again. Then re-enable the restricted or Envy driver. If you had some other custom compiled kernel module, like maybe you recompiled your realtek wifi driver, you might need to repeat that job also. Not a big deal.
Re: Security alert for the kernel
Well - true if you are used to it and expect it, but to be really user friendly you should not have to worry at allNot a big deal.
The Dell invention DKMS is a step on the road
Re: Security alert for the kernel
I am not sure this will solve the problems... And this adds yet another layer and can bring its own bugs with it...Husse wrote:Well - true if you are used to it and expect it, but to be really user friendly you should not have to worry at allNot a big deal.
The Dell invention DKMS is a step on the road
Why complicate always something more? Like a number of things in Linux, but sometimes also elsewhere, for a so-called "comfort" of the user, "user friendly", we add this or that thing, then another etc ... and finally we are with always *more* problems... I'm not sure this is the better solution.
Maybe it would be smarter to take the time to do things of quality, take the time to test them, to have a good and genuine QA ... and remain K.I.S.S.
By adding still more complexity we finish with still more bugs, problems, less stability...
Re: Security alert for the kernel
Did you edit your /boot/grub/menu.lst? You may have updated but are still booting to the old kernal.