Kernel Security Advisory?

shadowsnipes · 02-12-2008, 11:43 AM

Does anyone know what the specific patches are for the kernel packages listed in this security advisory?

I downloaded one of them and diff'd the config with the older one and there was no difference. The kernel versions are the same, so what was patched?

The links for more information in the security advisory just lead to pages that say "it's under review".

Lenard · 02-12-2008, 12:21 PM

See here: http://lwn.net/Articles/268661/ and here: http://lwn.net/Articles/268418/

Jeebizz · 02-12-2008, 12:29 PM

This has already been addressed by Pat. See the current-changelog: http://www.slackware.com/changelog/current.php?cpu=i386

Quote:

Mon Feb 11 17:47:58 CST 2008
a/kernel-generic-2.6.23.16-i486-1.tgz:
Upgraded to Linux 2.6.23.16 uniprocessor generic.s (requires initrd) kernel.
All of these kernel upgrades fix yesterday's local root exploit.
The kernel headers did not change, so a glibc rebuild is not required.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename...=CVE-2008-0010
http://cve.mitre.org/cgi-bin/cvename...=CVE-2008-0163
http://cve.mitre.org/cgi-bin/cvename...=CVE-2008-0600
(* Security fix *)
If you use lilo, don't forget to run it again after the upgrade.
a/kernel-generic-smp-2.6.23.16_smp-i686-1.tgz:
Upgraded to Linux 2.6.23.16 SMP gensmp.s (requires initrd) kernel.
(* Security fix *)
a/kernel-huge-2.6.23.16-i486-1.tgz:
Upgraded to Linux 2.6.23.16 uniprocessor huge.s (full-featured) kernel.
(* Security fix *)
a/kernel-huge-smp-2.6.23.16_smp-i686-1.tgz:
Upgraded to Linux 2.6.23.16 SMP hugesmp.s (full-featured) kernel.
(* Security fix *)
a/kernel-modules-2.6.23.16-i486-1.tgz
Upgraded to Linux 2.6.23.16 uniprocessor kernel modules.
a/kernel-modules-smp-2.6.23.16_smp-i686-1.tgz
Upgraded to Linux 2.6.23.16 SMP kernel modules.
d/kernel-headers-2.6.23.16_smp-i386-1.tgz:
Upgraded to Linux 2.6.23.16 SMP kernel headers.
k/kernel-source-2.6.23.16_smp-noarch-1.tgz
Upgraded to Linux 2.6.23.16 SMP kernel source.
(* Security fix *)
l/svgalib_helper-1.9.25_2.6.23.16-i486-1.tgz: Rebuilt for 2.6.23.16 kernels.
isolinux/initrd.img: Upgraded modules to 2.6.23.16.
kernels/huge.s/*: Upgraded huge.s kernel to 2.6.23.16.
(* Security fix *)
kernels/hugesmp.s/*: Upgraded hugesmp.s kernel to 2.6.23.16 (SMP).
(* Security fix *)
kernels/speakup.s: Updated speakup.s kernel to 2.6.23.16.
(* Security fix *)
extra/linux-2.6.23.16-nosmp-sdk/: Updated SMP to no-SMP kernel source patch.
(* Security fix *)
usb-and-pxe-installers/: Updated USB and PXE installers to 2.6.23.16 modules.
+--------------------------+

dunric · 02-12-2008, 12:31 PM

There is no change in kernel configs but sources are patched. See
README.TXT
and
splice.c.diff.gz

frandalla · 02-12-2008, 01:23 PM

this concernes to a security breach that allowed root privileges through vmsplice.
Kernel.org released patch today and slack's patch is there also

shadowsnipes · 02-12-2008, 01:36 PM

Quote:

Originally Posted by dunric

There is no change in kernel configs but sources are patched. See
README.TXT
and
splice.c.diff.gz

This is exactly what I was looking for. I'll know where to look next time. Thank you.

Lenard:

The articles were very informative as well. I might try out the exploit code on some extra boxes later.

stormtracknole · 02-12-2008, 06:55 PM

Quote:

Originally Posted by dunric

There is no change in kernel configs but sources are patched. See
README.TXT
and
splice.c.diff.gz

Pardon my lack of knowledge on this, blame it on depending on yum for kernel updates in Fedora.

Anyway, can someone provide a little more in dept step by step on how to apply this patch? I read the README.TXT and am I just a tad confuse. Do I have to move the .config file to all of the kernel-* directories? Is it easier to upgrade kernel from the current tree? I'm running a Slackware server and I don't want to fork it by not doing the update correctly. Thanks in advance!

mRgOBLIN · 02-12-2008, 11:02 PM

No you just have to upgrade the kernel with the one supplied for whatever version you are running.

So assuming you are running 12.0 just download kernel-generic-smp-2.6.21.5_smp-i686-2_slack12.0.tgz
from the patches directory.

then as root run

Code:

upgradepkg kernel-generic-smp-2.6.21.5_smp-i686-2_slack12.0.tgz

If you use Lilo as your boot manager then you should run the command

Code:

lilo

shadowsnipes · 02-12-2008, 11:54 PM

Quote:

Originally Posted by stormtracknole

Pardon my lack of knowledge on this, blame it on depending on yum for kernel updates in Fedora.

Anyway, can someone provide a little more in dept step by step on how to apply this patch? I read the README.TXT and am I just a tad confuse. Do I have to move the .config file to all of the kernel-* directories? Is it easier to upgrade kernel from the current tree? I'm running a Slackware server and I don't want to fork it by not doing the update correctly. Thanks in advance!

The way to update this depends on your setup.

If you have made a custom kernel image based off of the default slackware kernel sources, then you should use the patch as described in the README to patch your sources in order to rebuild your custom kernels.

If you are using a custom kernel that is a different version then you should patch or upgrade up to the version that is needed. The articles that Lenard linked to should lead you where to find what you need. If you are in this boat you could just build from the newest stable kernel from kernel.org.

However, I'm assuming you are using the stock slackware kernel images. In that case, you can simply download and install the newest package that you need (looks like mRgOBLIN left directions for installing). Look in the security advisory for information on where to download it.

To see what a slackware package looks like on the inside you can you explodepkg or just use tar. explodepkg basically just untars the package and tells you that it isn't running the install script.

For instance, if I don't feel like unpacking a package to see a list of its contents I can just use tar

Code:

tar zvtf kernel-generic-smp-2.6.21.5_smp-i686-2_slack12.0.tgz 
drwxr-xr-x root/root         0 2008-02-11 17:16 ./
drwxr-xr-x root/root         0 2008-02-11 17:16 boot/
-rw-r--r-- root/root   2088024 2008-02-11 17:16 boot/vmlinuz-generic-smp-2.6.21.5-smp
-rw-r--r-- root/root    813610 2008-02-11 17:16 boot/System.map-generic-smp-2.6.21.5-smp
-rw-r--r-- root/root     72764 2008-02-11 17:16 boot/config-generic-smp-2.6.21.5-smp
drwxr-xr-x root/root         0 2008-02-11 17:16 install/
-rw-r--r-- root/root      1143 2008-02-11 17:16 install/slack-desc
-rw-r--r-- root/root       279 2008-02-11 17:16 install/doinst.sh

the install directory is a special directory where the package description (slack-desc) and the install script (doinst.sh) are located. The rest of the files/directories represent where stuff would be installed. So, as you can see you will have three entries installed to /boot.

Now if you want to see what the doinst.sh script does, you can use tar to extract that file to stdout with the -0 switch.

Code:

tar -zOx install/doinst.sh -f kernel-generic-smp-2.6.21.5_smp-i686-2_slack12.0.tgz
( cd boot ; rm -rf vmlinuz )
( cd boot ; ln -sf vmlinuz-generic-smp-2.6.21.5-smp vmlinuz )
( cd boot ; rm -rf System.map )
( cd boot ; ln -sf System.map-generic-smp-2.6.21.5-smp System.map )
( cd boot ; rm -rf config )
( cd boot ; ln -sf config-generic-smp-2.6.21.5-smp config )

Notice that it only extracted the install/doinst.sh file because it was specified (otherwise all of the files would have been extracted to stdout).

As you can see the doinst.sh simply links vmlinuz, System.map, and config to this kernels files under /boot. So, this supports my statement of why you can just install this package (or one similar) if you are using the stock slackware kernels.

reed68 · 02-18-2008, 08:54 AM

Hello,

RE: kernel exploit fix (SSA:2008-042-01). http://tinyurl.com/2oklj5

A) I'm worried about upgrading the kernel package referred to in that security advisory.
I'd like to confirm which one:
- kernel-generic-2.6.21.5-i486-2_slack12.0.tgz
- kernel-huge-2.6.21.5-i486-2_slack12.0.tgz
- kernel-huge-smp-2.6.21.5_smp-i686-2_slack12.0.tgz
- kernel-generic-smp-2.6.21.5_smp-i686-2_slack12.0.tgz

I'm hoping someone can confirm for me that I should use the following update:
- File: kernel-huge-smp-2.6.21.5_smp-i686-2_slack12.0.tgz

B) I'm using Slackware 12 stable. My output:
$ uname -a
2.6.21.5-smp i686 Intel(R) Pentium(R) 4 CPU 3.00GHz GenuineIntel GNU/Linux

$arch
i686

$ ls -l /boot
vmlinuz -> vmlinuz-huge-smp-2.6.21.5-smp

C) I would like to confirm I should run:
# upgradepkg kernel-huge-smp-2.6.21.5_smp-i686-2_slack12.0.tgz
# lilo

I'm posting a question that I think I know the answer to but I feel better safe than sorry.

Thank you for your time and advice.

Brian

hitest · 02-18-2008, 09:10 AM

Quote:

Originally Posted by reed68

I would like to confirm I should run:
# upgradepkg kernel-huge-smp-2.6.21.5_smp-i686-2_slack12.0.tgz
# lilo

Yes, that is the correct one to choose.

Jeebizz · 02-18-2008, 09:11 AM

Quote:

Originally Posted by reed68
A) I'm worried about upgrading the kernel package referred to in that security advisory.
I'd like to confirm which one:
- kernel-generic-2.6.21.5-i486-2_slack12.0.tgz
- kernel-huge-2.6.21.5-i486-2_slack12.0.tgz
- kernel-huge-smp-2.6.21.5_smp-i686-2_slack12.0.tgz
- kernel-generic-smp-2.6.21.5_smp-i686-2_slack12.0.tgz

I'm hoping someone can confirm for me that I should use the following update:

I'm using Slackware 12 stable. My output:
$ uname -a
2.6.21.5-smp i686 Intel(R) Pentium(R) 4 CPU 3.00GHz GenuineIntel GNU/Linux

You have pretty much confirmed it. All you have to do is upgradepkg with the kernel-huge-smp-2.6.21.5_smp-i686-2_slack12.0.tgz and then run /sbin/lilo to update lilo, and you're done!

lgtrean · 02-18-2008, 11:33 AM

Hi hitest and Jeebizz,

Thanks for your help. I appreciate it!

Brian

hitest · 02-18-2008, 11:51 AM

Quote:

Originally Posted by lgtrean

Hi hitest and Jeebizz,

Thanks for your help. I appreciate it!

Brian

You're welcome:-)