Are kernel updates security updates?

All Gurus once were Newbies
Forum rules
There are no such things as "stupid" questions. However if you think your question is a bit stupid, then this is the right place for you to post it. Please stick to easy to-the-point questions that you feel people can answer fast. For long and complicated questions prefer the other forums within the support section.
Before you post please read how to get help
Post Reply
Cap
Level 2
Level 2
Posts: 97
Joined: Sat Dec 21, 2019 8:56 pm

Are kernel updates security updates?

Post by Cap »

In Update Manager the Changelog for security updates list the security problems it will fix. However the Changelog for The Linux kernel update contains no information. How can I view actual changelog for Linux kernel update to discover if it contains security fixes? Thank you.
User avatar
karlchen
Level 21
Level 21
Posts: 13675
Joined: Sat Dec 31, 2011 7:21 am
Location: Germany

Re: Are kernel updates security updates?

Post by karlchen »

Hello, Cap.

Kernel updates can be security updates. They can be purely technical updates. The same kernel update can do both: close security holes and fix purely technical errors.
You may use Synaptic Package Manager from the Linux Mint Application Menu, locate the kernel which you are interested in and check its changelog.
Note:
The most detailled changelog for the most recent kernel update can be viewed by reading the changelog for the software package linux-libc-dev.

Best regards,
Karl
Image
Linux Mint 19.3 64-bit Cinnamon, Total Commander 9.51 64-bit
DAMIEN1307
Level 11
Level 11
Posts: 3703
Joined: Tue Feb 21, 2017 8:13 pm
Location: Alamogordo, New Mexico, USA

Re: Are kernel updates security updates?

Post by DAMIEN1307 »

ALL kernel updates within the same series, example, (4.15.0-96 updated to 4.15.0-99), are security as well as bug fixes to the existing kernel series...DAMIEN

EDIT...OOOPS, karlchen beat me to it...lol.
ORDO AB CHAO
"I refuse to be assimilated, I refuse to become one with the Borg Collective"
Cap
Level 2
Level 2
Posts: 97
Joined: Sat Dec 21, 2019 8:56 pm

Re: Are kernel updates security updates?

Post by Cap »

The Changelogs in Synaptic Package Manager are same as Update Manager. I find it confusing the changelog for the kernel is listed under a different update, the kernel headers for development. However thank you for explaining.
User avatar
karlchen
Level 21
Level 21
Posts: 13675
Joined: Sat Dec 31, 2011 7:21 am
Location: Germany

Re: Are kernel updates security updates?

Post by karlchen »

Hello, Cap.

The same has confused me more than once, before I got used to it. :wink:
By the way, kernel updates, which close security holes, should appear on this Ubuntu webpage, Ubuntu logo for print security notices, as well.

Best regards,
Karl
Image
Linux Mint 19.3 64-bit Cinnamon, Total Commander 9.51 64-bit
User avatar
karlchen
Level 21
Level 21
Posts: 13675
Joined: Sat Dec 31, 2011 7:21 am
Location: Germany

Re: Are kernel updates security updates?

Post by karlchen »

Hello, Cap.

Coming back to your the initial statement
Cap wrote:
Sun May 03, 2020 8:38 am
However the Changelog for The Linux kernel update contains no information.
Inside the Mint Update Manager, are you sure you clicked on the right package (group) and then on changelog?

Reason for asking: even on my good old LM 18.1, Update Manager will display the relevant detailled changelog, when the selected package (group) is "Linux-Kernel 4.4.0-178.208", not "Linux-Meta". (The precise version string will vary between systems, of course)

Image
(Click on screenshot to enlarge. Press <Alt><Cursor Left> to return here.)

Will also check on an LM 19.3 system, where the kernel update is still pending, and report back.

But to me this suggests that, before you have installed the kernel update, you can read the detailled changelog inside LM Update Manager. You cannot, you are right. It does not work on LM 19.x, because UM looks for the kernel changelog in several wrong places.

This is where LM 19.3 UM looks for kernel changelogs:

Code: Select all

karl@unimatrix0:~$ Trying to fetch the changelog from: http://changelogs.ubuntu.com/changelogs/pool/main/l/linux-meta/linux-meta_4.15.0-99.100/changelog
Trying to fetch the changelog from: http://changelogs.ubuntu.com/changelogs/pool/multiverse/l/linux-meta/linux-meta_4.15.0-99.100/changelog
Trying to fetch the changelog from: http://changelogs.ubuntu.com/changelogs/pool/universe/l/linux-meta/linux-meta_4.15.0-99.100/changelog
Trying to fetch the changelog from: http://changelogs.ubuntu.com/changelogs/pool/restricted/l/linux-meta/linux-meta_4.15.0-99.100/changelog
And the result is failure. No changelogs found. Though Synaptic will display them without problems.

Image
(Click on screenshot to enlarge. Press <Alt><Cursor Left> to return here.)

Should search a bit. I bet there will be reports about this bug, maybe even a bug report.

Best regards,
Karl
Image
Linux Mint 19.3 64-bit Cinnamon, Total Commander 9.51 64-bit
Cap
Level 2
Level 2
Posts: 97
Joined: Sat Dec 21, 2019 8:56 pm

Re: Are kernel updates security updates?

Post by Cap »

Perhaps because it is German language? In English language it displays the same text in Update Manager and Synaptic Package Manager. However the text is not changelog information. It displays,

Code: Select all

linux-meta-hwe (5.3.0.51.104) bionic; urgency=medium

  * Bump ABI 5.3.0-51

 -- Thadeu Lima de Souza Cascardo <cascardo@canonical.com>  Wed, 22 Apr 2020 19:57:16 -0300

linux-meta-hwe (5.3.0.47.103) bionic; urgency=medium

  * Bump ABI 5.3.0-47

 -- Kleber Sacilotto de Souza <kleber.souza@canonical.com>  Mon, 06 Apr 2020 17:06:20 +0200

linux-meta-hwe (5.3.0.46.102) bionic; urgency=medium

  * Bump ABI 5.3.0-46
and more of the similar. That is not a list of CVE patches and changes.
User avatar
karlchen
Level 21
Level 21
Posts: 13675
Joined: Sat Dec 31, 2011 7:21 am
Location: Germany

Re: Are kernel updates security updates?

Post by karlchen »

Hi, Cap.

No, my local language is not a relevant factor in this case. It is only the kernel changelogs on Mint 19.3, which are not retrieved by update manager. Other changelogs are retrieved and displayed.
I think that this issue was introduced at the same time as LM 19 got released. But I will have to search a bit in order to verify and confirm or discard what I remember.
And as illustrated above Update Manager LM 19.3, Update Manager LM 18.1 still retrieves and displays the kernel changelogs. Though my local language is German on LM 18.1 as well.

As a matter of fact, I will read changelogs in Synaptic most of the time anyway. For a simple reason: Synaptic will display changelogs for all software packages, before installing/updating them and after installing/updating them. Update Manager can display changelogs only before installing the updates, not afterwards.

Karl
Image
Linux Mint 19.3 64-bit Cinnamon, Total Commander 9.51 64-bit
User avatar
karlchen
Level 21
Level 21
Posts: 13675
Joined: Sat Dec 31, 2011 7:21 am
Location: Germany

Re: Are kernel updates security updates?

Post by karlchen »

Linux Mint 19.x Update Manager simply looks in several wrong places for the kernel changelogs!

Here is the correct location of the changelog for kernel 4.15.0-99.100 (most recent 4.15.0 LTS kernel):
http://changelogs.ubuntu.com/changelogs/pool/main/l/linux/linux_4.15.0-99.100/changelog

This, however, is where Update Manager looks for it and fails (1st failure):
http://changelogs.ubuntu.com/changelogs/pool/main/l/linux-meta/linux-meta_4.15.0-99.100/changelog
(Note: twice it reads linux_meta, where it should be only linux)

Then it goes on in more places, still looking for linux_meta, instead of linux only:
Trying to fetch the changelog from: http://changelogs.ubuntu.com/changelogs/pool/main/l/linux-meta/linux-meta_4.15.0-99.100/changelog
Trying to fetch the changelog from: http://changelogs.ubuntu.com/changelogs/pool/multiverse/l/linux-meta/linux-meta_4.15.0-99.100/changelog
Trying to fetch the changelog from: http://changelogs.ubuntu.com/changelogs/pool/universe/l/linux-meta/linux-meta_4.15.0-99.100/changelog
Trying to fetch the changelog from: http://changelogs.ubuntu.com/changelogs/pool/restricted/l/linux-meta/linux-meta_4.15.0-99.100/changelog

--
P.S.:
Somehow the thread, where I found the correct address to kernel 4.15.0-xx changelog, reminds a bit of our thread here. :wink: viewtopic.php?f=90&t=307779
Image
Linux Mint 19.3 64-bit Cinnamon, Total Commander 9.51 64-bit
Cap
Level 2
Level 2
Posts: 97
Joined: Sat Dec 21, 2019 8:56 pm

Re: Are kernel updates security updates?

Post by Cap »

karlchen wrote:
Sun May 03, 2020 11:30 am
Inside the Mint Update Manager, are you sure you clicked on the right package (group) and then on changelog?
Yes. When I click on the Changelog for Linux kernel it does not fail. It loads this text,

Code: Select all

linux-meta-hwe (5.3.0.51.104) bionic; urgency=medium

  * Bump ABI 5.3.0-51

 -- Thadeu Lima de Souza Cascardo <cascardo@canonical.com>  Wed, 22 Apr 2020 19:57:16 -0300

linux-meta-hwe (5.3.0.47.103) bionic; urgency=medium

  * Bump ABI 5.3.0-47

 -- Kleber Sacilotto de Souza <kleber.souza@canonical.com>  Mon, 06 Apr 2020 17:06:20 +0200

linux-meta-hwe (5.3.0.46.102) bionic; urgency=medium

  * Bump ABI 5.3.0-46
Synaptic also loads this same text.
Post Reply

Return to “Newbie Questions”