VectorLinux
April 22, 2014, 10:39:59 pm *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Visit our home page for VL info. To search the old message board go to http://vectorlinux.com/forum1. The first VL forum is temporarily offline until we can find a host for it. Thanks for your patience.
 
Now powered by KnowledgeDex.
   Home   Help Search Login Register  
Please support VectorLinux!
Pages: [1]
  Print  
Author Topic: Danger! New exploit - all VL 5.9 and 6.0 versions vulnerable! fix inside  (Read 41606 times)
uelsk8s
Administrator
Vectorian
*****
Posts: 2503



« on: August 18, 2009, 07:52:09 am »


download the kernels and install like any other package.
You will need the kernel and kernel-module packages, the kernel-src package is optional and only needed to build kernel and drivers
After you install run vliloconf or manually add the new kernel to your bootloader.
After rebooting with the new kernel and verifying that it works on your system, you may remove the older kernel if you want.

Logged
sledgehammer
Vectorian
****
Posts: 1397



« Reply #1 on: December 12, 2009, 10:28:02 am »

1. Is there some way to do this kernel update using gslapt?

2.  How do I tell what patches if any have already been added to my kernel?

Thx

John

Logged

VL7.0 xfce4 Samsung RF511
MikeCindi
Moderator
Vectorian
*****
Posts: 1071


« Reply #2 on: December 12, 2009, 12:51:29 pm »

Since the report only indicates affected kernels up to 2.6.30.4 this shouldn't be an issue with the VL-SOHO 6.0beta 2 which has kernel 2.6.31.6. Am I correct?
Logged

The plans of the diligent lead to profit...Pro. 21:5
VL64 7.1b3                                     RLU 486143
rbistolfi
Packager
Vectorian
****
Posts: 2265


« Reply #3 on: December 12, 2009, 04:26:59 pm »

1. Is there some way to do this kernel update using gslapt?

2.  How do I tell what patches if any have already been added to my kernel?

Thx

John



Kernel packages cant be installed with Gslapt. The problem is that gslapt updates by default, removing the older package. If the new kernel doesnt work for you, you are stuck with a non bootable system. However, installing from command line is very easy, here are the exact commands:

Code:
installpkg ftp://ftp.osuosl.org/pub/vectorlinux/veclinux-6.0/kernels/kernel-2.6.27.29-i686-1vl60.tlz
installpkg ftp://ftp.osuosl.org/pub/vectorlinux/veclinux-6.0/kernels/kernel-modules-2.6.27.29-i686-1vl60.tlz
installpkg ftp://ftp.osuosl.org/pub/vectorlinux/veclinux-6.0/kernels/kernel-src-2.6.27.29-i686-1vl60.tlz
vliloconf

Everything as root, as usual.
Thanks uelsk8s for the packages.


Logged

"There is a concept which corrupts and upsets all others. I refer not to Evil, whose limited realm is that of ethics; I refer to the infinite."
Jorge Luis Borges, Avatars of the Tortoise.

--
Jumalauta!!
GrannyGeek
Packager
Vectorian
****
Posts: 2567


« Reply #4 on: December 12, 2009, 07:56:40 pm »

Since the report only indicates affected kernels up to 2.6.30.4 this shouldn't be an issue with the VL-SOHO 6.0beta 2 which has kernel 2.6.31.6. Am I correct?

Where did you see that versions up to 2.6.30.4 are affected?

This is report is months old and I thought the kernel 2.6.27.29 packages fixed the vulnerability. Did I miss something? I installed those packages on all my computers as soon as they were available.
--GrannyGeek
Logged

Registered Linux User #397786

Happily running VL 7 Gold on  a Sempron LE-1300 desktop (2.3 GHz), 4 G RAM,  GeForce 6150 SE onboard graphics and on an HP Pavilion dv7 i7, 6 gigs, Intel 2nd Generation Integrated Graphics Controller
sledgehammer
Vectorian
****
Posts: 1397



« Reply #5 on: December 12, 2009, 08:17:50 pm »

In light of GrannyGeek's comment not too sure I needed to update kernel in VL6.0, but I did and it worked great.

Thanks uelsk8s

John
Logged

VL7.0 xfce4 Samsung RF511
MikeCindi
Moderator
Vectorian
*****
Posts: 1071


« Reply #6 on: December 13, 2009, 08:09:29 pm »

Where did you see that versions up to 2.6.30.4 are affected?

Uelsk8s posted a link and I followed another link in that article that told more about the vulnerabilty (http://archives.neohapsis.com/archives/fulldisclosure/2009-08/0174.html). The other link implies that the fix may leave something to be desired (http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e694958388c50148389b0e9b9e9e8945cf0f1b98). But perhaps the author comments have led to a "proper" fix in later kernels.

HTH,
Mike
« Last Edit: December 13, 2009, 08:13:47 pm by MikeCindi » Logged

The plans of the diligent lead to profit...Pro. 21:5
VL64 7.1b3                                     RLU 486143
GrannyGeek
Packager
Vectorian
****
Posts: 2567


« Reply #7 on: December 15, 2009, 05:44:41 pm »

I don't understand a word of those links, so I'll have to trust our VL devs to issue kernel updates if they're necessary.
--GrannyGeek
Logged

Registered Linux User #397786

Happily running VL 7 Gold on  a Sempron LE-1300 desktop (2.3 GHz), 4 G RAM,  GeForce 6150 SE onboard graphics and on an HP Pavilion dv7 i7, 6 gigs, Intel 2nd Generation Integrated Graphics Controller
emolotricity
Member
*
Posts: 22


« Reply #8 on: August 09, 2010, 07:14:12 am »

Is there a place I can put a shell script which will do the update next time I restart the computer, then remove itself so it would only do it once?
Logged
scififry
Member
*
Posts: 66


« Reply #9 on: May 17, 2011, 04:29:01 am »

Oh, this message shocked me a bit because I ran Linux 2.6.27.12 for a relatively long time... Shocked

But now it's fixed, installed Linux 2.6.31.8 and it's working fine, thank you uelsk8s for compiling them! Smiley

Now my question about this:
After installing them, I can select the new kernel as operating system when Lilo boots. How do I set Lilo that it boots the new kernel by default?

EDIT: I'll install VL 7.0, didn't know there's a brand new version! Thank you for making it! Smiley BTW, will there be a 7.0 Light edition?
« Last Edit: May 17, 2011, 04:56:32 am by scififry » Logged
Drawo
Member
*
Posts: 6



« Reply #10 on: September 30, 2011, 11:46:36 pm »

I don't understand it... for me its not easy to do.
I run VL 6.0 KDE  3.5.10 on my computer. And i have no problems so far. starts up fine and what is the danger Huh
Greetings,
Drawo
Logged
nightflier
Administrator
Vectorian
*****
Posts: 3941



« Reply #11 on: October 01, 2011, 04:17:49 am »

Drawo, the KDE version was released after this news broke. It uses the patched kernel mentioned above, no need to upgrade.
Logged
Drawo
Member
*
Posts: 6



« Reply #12 on: October 01, 2011, 04:50:21 am »

Drawo, the KDE version was released after this news broke. It uses the patched kernel mentioned above, no need to upgrade.
i must read more, and learn the English language better....  Sorry !
Thanks for your advice !
Greetings,
Drawo
Logged
nightflier
Administrator
Vectorian
*****
Posts: 3941



« Reply #13 on: October 01, 2011, 08:48:23 am »

No problem whatsoever.  Smiley  You do want to make sure in these cases. Glad to hear that VL works for you.
Logged
Drawo
Member
*
Posts: 6



« Reply #14 on: October 02, 2011, 02:14:25 am »

No problem whatsoever.  Smiley  You do want to make sure in these cases. Glad to hear that VL works for you.
Oh yes, and very stable, my old AMD Athlon xp1800+ with Nvidia and Riva TNT drivers is like new.
I like that computer, i now that he can not work forever... But so long as it works why buy a new one, money grows not in my garden, that sould be good !
Greetings, and have a nice Sunday,
Drawo
Logged
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2013, Simple Machines Valid XHTML 1.0! Valid CSS!