Page 1 of 2

Kernel vulnerabilities

Posted: Sat Feb 06, 2010 11:17 am
by Husse
Kernel updates for in all 10 vulnerabilities have been released
If I count correctly seven of these are for a local attacker
Nevertheless it may be a good idea to upgrade your kernel
Read about the ups and downs of that here
This is not without some risk to your system as these are level 5 updates and could potentially break your system
You have to reboot after this update
Luckily, if they do, you can just boot into the old kernel
Edit - both the old and the new kernel will have an entry in Grub

Re: Kernel vulnerabilities

Posted: Sat Feb 06, 2010 12:25 pm
by fwc
How do you boot into the old if it doesn't work?

Re: Kernel vulnerabilities

Posted: Sat Feb 06, 2010 4:20 pm
by Boo
the old kernels will be listed in the grub boot menu.
just use the arrow keys to navigate to the desired one and hit enter.

Boo

Re: Kernel vulnerabilities

Posted: Sat Feb 06, 2010 4:33 pm
by Husse
I have now installed the final Helena Main on my laptop and all level 4 and 5 updates with good result, the Broadcom STA driver was not broken and on my desktop the ATI fglrx driver was not broken
Updates seem to go smoother now, but in the link above there are reports of failed updates
Any kernel update leaves a link to the old kernel in Grub so you can boot with it and it is possible to remove the new kernel if you cant' use it

Re: Kernel vulnerabilities

Posted: Mon Feb 08, 2010 3:52 pm
by M_aD
Does one need to update everything from the 4 and/or 5 level updates in Mint 8 Helena or can one just only install the 2.6.31-19 kernel stuff?

Re: Kernel vulnerabilities

Posted: Mon Feb 08, 2010 5:33 pm
by red-e-made
Running Mint 7 XFCE here, and just installed all Level 4 and 5 updates. Rebooted. No problems whatsoever. Thanks for the heads up, Husse.

Re: Kernel vulnerabilities

Posted: Mon Feb 08, 2010 8:11 pm
by mmesantos1
Thanks for the heads up. I am running Mint 8 Main x32 and updated to the latest PAE kernel as well as all Level 4 & 5 updates and all is working well. :)

Re: Kernel vulnerabilities

Posted: Tue Feb 09, 2010 6:11 am
by Husse
The level 4 updates available now is for xorg so they are not necessary to secure you from this threat, it's the level 5 kernel things that are important

Re: Kernel vulnerabilities

Posted: Tue Feb 09, 2010 9:36 am
by M_aD
That's all i needed to know. Thank you Husse. :)

Re: Kernel vulnerabilities

Posted: Tue Feb 09, 2010 12:58 pm
by z06gal
I just updated via synaptic and all seems to be fine. Thanks for the info Husse. :D

Re: Kernel vulnerabilities

Posted: Tue Feb 09, 2010 11:23 pm
by fwc
Which exact files in the updater do I need if I am running 32bit, Gnome Helena?

Re: Kernel vulnerabilities

Posted: Wed Feb 10, 2010 5:54 am
by Husse
fwc wrote:Which exact files in the updater do I need if I am running 32bit, Gnome Helena?
I don't have an unupdated system any more but as far as I remember all the level 5 ones, except possibly an update to hal which I think was there, or maybe not there could be new ones
Remember that this can break your system and that you can use the old kernel in that case

Re: Kernel vulnerabilities

Posted: Thu Feb 11, 2010 8:19 am
by fwc
Husse wrote:
fwc wrote:Which exact files in the updater do I need if I am running 32bit, Gnome Helena?
I don't have an unupdated system any more but as far as I remember all the level 5 ones, except possibly an update to hal which I think was there, or maybe not there could be new ones
Remember that this can break your system and that you can use the old kernel in that case
aha! thanks very much. It worked but I was wondering if it would be any faster or just patch security holes. Thanks for all the info.

Re: Kernel vulnerabilities

Posted: Thu Feb 11, 2010 5:55 pm
by SL_DON
Noob user here just did the kernel update and so far so good.

just would like to know how long the old kernel will still be in grub and if its permanent how to remove it once i am satisfied that my system is stable.

Re: Kernel vulnerabilities

Posted: Fri Feb 12, 2010 12:40 am
by newW2
First use this command to see the list of the installed kernels in your Ubuntu

$ dpkg --get-selections | grep linux-image

Now for example try to delete the oldest one (change oldest kernel with your oldest one)

# $ sudo apt-get purge [oldest-kernel-from grep command above]

If the kernel you try to uninstall is not updated, you will get a message to update first before you continue. Update then the kernel and then uninstall that old kernel and the updates using the same command above.

Important : Do not uninstall the linux-image-generic as it is necessary to receive updates of the kernel.

[note if satisfied and using grub2; then run update-grub as root to cleanup grub]

Source is from one of our sponsors that has many a good how-to and/or review:
http://www.unixmen.com/linux-tutorials/ ... -in-ubuntu

Re: Kernel vulnerabilities

Posted: Sat Feb 13, 2010 12:43 am
by dan j
Use ubuntu-tweak to remove old kernels.

http://ubuntu-tweak.com/

Re: Kernel vulnerabilities

Posted: Fri Feb 19, 2010 10:18 pm
by blklime
How does one update the kernel?

Re: Kernel vulnerabilities

Posted: Sat Feb 20, 2010 1:18 am
by mmesantos1
blklime wrote:How does one update the kernel?
Set Mint update for level 5 and then update. Once complete reboot your PC. After that you can remove old kernel. You can reboot again to be sure, well I do but that's it.

Re: Kernel vulnerabilities

Posted: Sun Mar 21, 2010 5:44 pm
by Kendoori
I also updated with no issues. I was motivated to do this because of issues with my MSI U100 and the Bison webcam. Updating the kernel per level 5 releases fixed this for me.

Re: Kernel vulnerabilities

Posted: Mon Mar 22, 2010 6:02 pm
by kmb42vt
Note: I'm only posting this for info purposes and not recommending anyone jump out and upgrade. Perhaps some more experienced than I can determine whether it's needed or not.

ZDNet and Ubuntu recently announced that more vulnerabilities have been found in Ubuntu's latest kernels covering versions 6.06 LTS to 9.10 (Ubuntu/Kubuntu/Xubuntu/Edubuntu) which should include Mint versions also I believe? In my case, my latest kernel is 2.6.31-20.57 in which case I would need to upgrade to 2.6.31-20.58 if I read things right.

Here's the link to the ZDNet article and another to the referenced Ubuntu announcement. The latter lists the Ubuntu versions and the various vulnerable kernel versions along with the required updates under each one:

http://blogs.zdnet.com/hardware/?p=7728

http://www.ubuntu.com/usn/USN-914-1

I found that the updates are available under "Level 5" in mintUpdate.