Security alert for the kernel

Releases and other announcements.
Please don't post support questions here
Forum rules
Section reserved for the team. You can reply to announcements here but not post new topics.

Security alert for the kernel

Postby Husse on Sun Nov 30, 2008 10:24 am

Several more or less critical flaws has been patched on Thursday November 27
http://news.softpedia.com/news/Newly-Di ... 8864.shtml

Please not the following - quoted from Softpedia
ATTENTION: Due to an unavoidable ABI change, the kernel packages have a new version number, which will force you to reinstall or recompile all third-party kernel modules you might have installed. For example, after the upgrade to the above version of your kernel package, a software such as VirtualBox will NOT work anymore, therefore you must recompile its kernel module by issuing a specific command in the terminal. Moreover, if you use the linux-restricted-modules package, you have to update it as well to get modules that work with the new Linux kernel version.

This means that Virtualbox, the graphics drivers for nivida and ATI and other programs will stop working after this update

There are nine errors fixed, one only affects 6.06 Dapper and so not Mint, seven can lead to a local DoS attack and one can lead to changes in a file (a bit more nasty)
Only two flaws can be used by a remote user and that is only for 8.10 Intrepid/Mint

It's up to you to decide if you want to update

The updates have not reached mintUpdate yet (per Novemeber 30th)

If you decide to update you do the following
First guard against a non working graphics card
In /etc/X11/xorg.conf change whatever driver you have in Section "Device" to "vesa"
Open mintUpdate and in Edit> Preferences enable level 4 and 5
Update
No guarantees are given that you get it going again - unfortunately
We prioritize stability - that's why level 4 and 5 are normally not visible and enabled
You should update to
• For Daryna, users should update their kernel packages to linux-image-2.6.22-16.60
• For Elyssa, users should update their kernel packages to linux-image-2.6.24-22.45
• ForFelica, users should update their kernel packages to linux-image-2.6.27-9.19
Image
Don't fix it if it ain't broken, don't break it if you can't fix it
Husse
Level 21
Level 21
 
Posts: 19703
Joined: Sun Feb 11, 2007 7:22 am
Location: Near Borås Sweden

Linux Mint is funded by ads and donations.
 

Re: Security alert for the kernel

Postby newW2 on Sun Nov 30, 2008 12:44 pm

To upgrade the kernel in Felica to linux-image-2.6.27-9.19, mintUpdate didn't do it. I had to go into the package manager and selct:
Reload, then Mark All Upgrades, then Apply
Then (before reboot) gedit /boot/grub/menu.lst (any switches needed like no acpi, hpet=disable, etc).
Then reboot and update the graphic driver.
User avatar
newW2
Level 6
Level 6
 
Posts: 1081
Joined: Fri Apr 06, 2007 10:24 am
Location: USA

Re: Security alert for the kernel

Postby linuxviolin on Mon Dec 01, 2008 8:25 am

Husse wrote:It's up to you to decide if you want to update

I would rather say that we should/must make the update!

Ubuntu waited too long before the release of the patched kernel, "Ubuntu's users were vulnerable for a much longer time than the users of other distros, in most cases by at least a month, and in one case by more than 6 months!" :twisted:

For some information you can see here

So we should/must make the update!

P.S.= This is another reason for another base... :roll:
Last edited by linuxviolin on Mon Dec 01, 2008 10:57 am, edited 2 times in total.
K.I.S.S. ===> "Keep It Simple, Stupid"
"Simplicity is the ultimate sophistication." (Leonardo da Vinci)
"Everything should be made as simple as possible, but no simpler." (Albert Einstein)
User avatar
linuxviolin
Level 8
Level 8
 
Posts: 2055
Joined: Tue Feb 27, 2007 6:55 pm
Location: France

Re: Security alert for the kernel

Postby phil on Mon Dec 01, 2008 10:14 am

Just finished the update on two computers. It went without a hitch following Husse's instructions but broke audio on both computers. I haven't been able to find out why.
13 Xfce, Win XP, GA-MA785GM-US2h, Athlon II X2 240, 4G mem, OCZ SSD, WD 230G, nVidia 210
13 Xfce, Win XP, N68C-5, Athlon II X2 255, 4G mem, OCZ SSD, WD 120G, nVidia 7025
13 Xfce, Win XP, N68C-5, Athlon II X2 250, 4G mem, OCZ SSD, WD 1T, nVidia 7025
phil
Level 3
Level 3
 
Posts: 142
Joined: Sun Dec 30, 2007 12:46 pm
Location: Consejo, Belize, Central America

Re: Security alert for the kernel

Postby changturkey on Mon Dec 01, 2008 4:20 pm

linuxviolin wrote:
Husse wrote:It's up to you to decide if you want to update

I would rather say that we should/must make the update!

Ubuntu waited too long before the release of the patched kernel, "Ubuntu's users were vulnerable for a much longer time than the users of other distros, in most cases by at least a month, and in one case by more than 6 months!" :twisted:

For some information you can see here

So we should/must make the update!

P.S.= This is another reason for another base... :roll:

Another base to what? Debian?
User avatar
changturkey
Level 1
Level 1
 
Posts: 40
Joined: Tue Jan 01, 2008 4:14 pm

Re: Security alert for the kernel

Postby tawan on Tue Dec 02, 2008 5:19 am

Husse wrote:First guard against a non working graphics card
In /etc/X11/xorg.conf change whatever driver you have in Section "Device" to "vesa"

as in do...

Code: Select all
cd .. cd .. && sudo gedit /etc/X11/xorg.conf


and change (in my case) ...

Code: Select all
Section "Device"
   Identifier   "Configured Video Device"
EndSection


to

Code: Select all
Section "Device"
   Identifier   "vesa"
EndSection


?? :?
User avatar
tawan
Level 4
Level 4
 
Posts: 405
Joined: Thu Apr 03, 2008 2:45 am

Re: Security alert for the kernel

Postby Husse on Tue Dec 02, 2008 6:43 am

Not quite
Section "Device"
Identifier "vesa"
EndSection

but
Code: Select all
    Section "Device"
       Identifier   "Configured Video Device"
       Driver   "vesa"
    EndSection

Identifier must (of course) be the same as in Section "Monitor"
Image
Don't fix it if it ain't broken, don't break it if you can't fix it
Husse
Level 21
Level 21
 
Posts: 19703
Joined: Sun Feb 11, 2007 7:22 am
Location: Near Borås Sweden

Re: Security alert for the kernel

Postby GrayWizardLinux on Wed Dec 03, 2008 8:28 am

Thanks for the news Husse. But unfortunately I do not understand how to do this. I am using Daryna, and most stuff works. I guess this is another negative to using linux and also Ubuntu-based distros. As much as I love and am happy using Mint. I may have to leave all as is.

This is a bit depressing though... :( :x :(
Linux Mint - Pure Bliss!
User avatar
GrayWizardLinux
Level 6
Level 6
 
Posts: 1240
Joined: Wed Sep 12, 2007 5:47 pm
Location: Anywhere I Am!

Re: Security alert for the kernel

Postby Old Marcus on Wed Dec 03, 2008 8:08 pm

Is this stable enough to be worth updating to? Bit pointless having a secure system that doesn't boot... :roll:
Linux Mint 8 RC1 = Nice
'apt install' can be used on Linux Mint as a shortcut for 'sudo apt-get install'. 'apt x' can be used for various other apt commands as well.
When a problem is solved, please add [SOLVED] to your thread title.
User avatar
Old Marcus
Level 4
Level 4
 
Posts: 395
Joined: Sun Jun 08, 2008 4:51 pm
Location: Exeter, UK

Re: Security alert for the kernel

Postby GrayWizardLinux on Wed Dec 03, 2008 8:52 pm

Yes - that is my point too! Too bad.
Linux Mint - Pure Bliss!
User avatar
GrayWizardLinux
Level 6
Level 6
 
Posts: 1240
Joined: Wed Sep 12, 2007 5:47 pm
Location: Anywhere I Am!

Re: Security alert for the kernel

Postby Husse on Thu Dec 04, 2008 7:27 am

Bit pointless having a secure system that doesn't boot... :roll:

Yupp - and that's what you may get (not quite) but you will experience problems and as I wrote above it's mostly minor problems.
As I wrote above
Only two flaws can be used by a remote user and that is only for 8.10 Intrepid/Mint
So unless you have the Felicia RC I don't see an urgent need to take action
Image
Don't fix it if it ain't broken, don't break it if you can't fix it
Husse
Level 21
Level 21
 
Posts: 19703
Joined: Sun Feb 11, 2007 7:22 am
Location: Near Borås Sweden

Re: Security alert for the kernel

Postby Old Marcus on Thu Dec 04, 2008 1:17 pm

I'm on Felicia, but if this is going to break my display, which I've worked hard to get working, I'm not going to bother.
Linux Mint 8 RC1 = Nice
'apt install' can be used on Linux Mint as a shortcut for 'sudo apt-get install'. 'apt x' can be used for various other apt commands as well.
When a problem is solved, please add [SOLVED] to your thread title.
User avatar
Old Marcus
Level 4
Level 4
 
Posts: 395
Joined: Sun Jun 08, 2008 4:51 pm
Location: Exeter, UK

Re: Security alert for the kernel

Postby soup on Wed Dec 10, 2008 11:55 am

Toshiba Equium A100-027 (on-board Intel graphics), dual-boot with Vista.
linux-image-2.6.27-9.19 wasn't shown in level 4 or 5 mintupdate (9/12/2008).
Followed the way newW2 did update (thanks newW2).
newW2 wrote:To upgrade the kernel in Felica to linux-image-2.6.27-9.19, mintUpdate didn't do it. I had to go into the package manager and selct:
Reload, then Mark All Upgrades, then Apply
Then (before reboot) gedit /boot/grub/menu.lst (any switches needed like no acpi, hpet=disable, etc).
Then reboot and update the graphic driver.

Didn't need to edit /boot/grub/menu.lst.
Rebooted fine.
No graphic drivers to update as far as I'm aware.
soup
User avatar
soup
Level 1
Level 1
 
Posts: 13
Joined: Tue Dec 09, 2008 1:54 pm

Re: Security alert for the kernel

Postby Husse on Thu Dec 11, 2008 7:17 am

Intel graphics may not be affected, but from Fleicia/Intrepid there is a technique developed by Dell that automatically recompiles the video drivers (and other modules) after a kernel update. It's called DKMS
http://linux.dell.com/projects.shtml
Image
Don't fix it if it ain't broken, don't break it if you can't fix it
Husse
Level 21
Level 21
 
Posts: 19703
Joined: Sun Feb 11, 2007 7:22 am
Location: Near Borås Sweden

Re: Security alert for the kernel

Postby AK Dave on Fri Dec 12, 2008 8:48 pm

In most cases, reverting to non-restricted video or using Envy to uninstall your custom-compiled nvidia/ATI drivers is a quick GUI fix. Reboot, then do the update, then reboot again. Then re-enable the restricted or Envy driver. If you had some other custom compiled kernel module, like maybe you recompiled your realtek wifi driver, you might need to repeat that job also. Not a big deal.
User avatar
AK Dave
Level 6
Level 6
 
Posts: 1042
Joined: Wed May 14, 2008 3:39 pm
Location: Anchorage, AK USA

Re: Security alert for the kernel

Postby Husse on Fri Dec 12, 2008 8:58 pm

Not a big deal.

Well - true if you are used to it and expect it, but to be really user friendly you should not have to worry at all
The Dell invention DKMS is a step on the road
Image
Don't fix it if it ain't broken, don't break it if you can't fix it
Husse
Level 21
Level 21
 
Posts: 19703
Joined: Sun Feb 11, 2007 7:22 am
Location: Near Borås Sweden

Re: Security alert for the kernel

Postby Guestman on Thu Jan 01, 2009 4:12 pm

Husse wrote:
Not a big deal.

Well - true if you are used to it and expect it, but to be really user friendly you should not have to worry at all
The Dell invention DKMS is a step on the road

I am not sure this will solve the problems... And this adds yet another layer and can bring its own bugs with it...
Why complicate always something more? Like a number of things in Linux, but sometimes also elsewhere, for a so-called "comfort" of the user, "user friendly", we add this or that thing, then another etc ... and finally we are with always *more* problems... I'm not sure this is the better solution. :roll:

Maybe it would be smarter to take the time to do things of quality, take the time to test them, to have a good and genuine QA ... and remain K.I.S.S.

By adding still more complexity we finish with still more bugs, problems, less stability...
Guestman
 

Re: Security alert for the kernel

Postby el_b on Sun Mar 22, 2009 1:33 am

Damn, this is what I hate of Ubuntu... What are the specific commands? apt-get install blah?
Has anyone found out how to fix the broken sound?
Could you try this? I found it on the linux course in http://www.linux.org/lessons/
alsaconf If you're using Debian, this is the package you need to set up sound. The alsa-base package is also required.
Edit: Somehow, it did the opposite of what was said. On Mint 6 Felicia, main, 32 bits, I installed most of lev 4 and 5 upgrades, including the new kernel. Before doing that, my sound Alsa driver was broke for an unknown reason, and virtualbox did not work, and a game in wine didn't wanna load. But now the game sounds, loads, it booted with video and audio, but Virtualbox still doesn't wanna work, but I did fix it a week ago, I just gotta do it again. Worked perfectly for me.

I did mintupdate but my kernel is a version lower that the one shown there.
I do uname -r
It prints 2.6.27-7-generic
instead of 2.6.27-9...
bill_g >/dev/null
Image
User avatar
el_b
Level 2
Level 2
 
Posts: 75
Joined: Mon Mar 02, 2009 9:24 pm

Re: Security alert for the kernel

Postby widget on Thu May 14, 2009 10:35 pm

Did you edit your /boot/grub/menu.lst? You may have updated but are still booting to the old kernal.
Dell XPS 420 Core2 Quad Q 6600, audigy5.1, Radeon HD 6450 - currently 4 320Gb HDD, Debian Squeeze for secure use, Debian testing for daily use, Debian Sid for fun.
widget
Level 3
Level 3
 
Posts: 167
Joined: Thu May 14, 2009 2:49 am
Location: S.E. Montana

Re: Security alert for the kernel

Postby Husse on Fri May 15, 2009 4:18 am

This is no longer valid - outdated topic
Topic locked
Image
Don't fix it if it ain't broken, don't break it if you can't fix it
Husse
Level 21
Level 21
 
Posts: 19703
Joined: Sun Feb 11, 2007 7:22 am
Location: Near Borås Sweden

Linux Mint is funded by ads and donations.
 

Return to Releases & Announcements

Who is online

Users browsing this forum: No registered users and 0 guests