Old 02-12-2008, 11:43 AM   #1
shadowsnipes
Senior Member
 
Registered: Sep 2005
Distribution: Slackware
Posts: 1,441

Rep: Reputation: 70
Kernel Security Advisory?


Does anyone know what the specific patches are for the kernel packages listed in this security advisory?

I downloaded one of them and diff'd the config with the older one and there was no difference. The kernel versions are the same, so what was patched?

The links for more information in the security advisory just lead to pages that say "it's under review".
 
Old 02-12-2008, 12:21 PM   #2
Lenard
Senior Member
 
Registered: Dec 2005
Location: Indiana
Distribution: RHEL/CentOS/SL 5 i386 and x86_64 pata for IDE in use
Posts: 4,790

Rep: Reputation: 56
See here: http://lwn.net/Articles/268661/ and here: http://lwn.net/Articles/268418/
 
Old 02-12-2008, 12:29 PM   #3
Jeebizz
Senior Member
 
Registered: May 2004
Distribution: Slackware 14.1 64-bit with multilib
Posts: 2,074

Rep: Reputation: 193
This has already been addressed by Pat. See the current-changelog: http://www.slackware.com/changelog/current.php?cpu=i386

Quote:
Mon Feb 11 17:47:58 CST 2008
a/kernel-generic-2.6.23.16-i486-1.tgz:
Upgraded to Linux 2.6.23.16 uniprocessor generic.s (requires initrd) kernel.
All of these kernel upgrades fix yesterday's local root exploit.
The kernel headers did not change, so a glibc rebuild is not required.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename...=CVE-2008-0010
http://cve.mitre.org/cgi-bin/cvename...=CVE-2008-0163
http://cve.mitre.org/cgi-bin/cvename...=CVE-2008-0600
(* Security fix *)
If you use lilo, don't forget to run it again after the upgrade.
a/kernel-generic-smp-2.6.23.16_smp-i686-1.tgz:
Upgraded to Linux 2.6.23.16 SMP gensmp.s (requires initrd) kernel.
(* Security fix *)
a/kernel-huge-2.6.23.16-i486-1.tgz:
Upgraded to Linux 2.6.23.16 uniprocessor huge.s (full-featured) kernel.
(* Security fix *)
a/kernel-huge-smp-2.6.23.16_smp-i686-1.tgz:
Upgraded to Linux 2.6.23.16 SMP hugesmp.s (full-featured) kernel.
(* Security fix *)
a/kernel-modules-2.6.23.16-i486-1.tgz
Upgraded to Linux 2.6.23.16 uniprocessor kernel modules.
a/kernel-modules-smp-2.6.23.16_smp-i686-1.tgz
Upgraded to Linux 2.6.23.16 SMP kernel modules.
d/kernel-headers-2.6.23.16_smp-i386-1.tgz:
Upgraded to Linux 2.6.23.16 SMP kernel headers.
k/kernel-source-2.6.23.16_smp-noarch-1.tgz
Upgraded to Linux 2.6.23.16 SMP kernel source.
(* Security fix *)
l/svgalib_helper-1.9.25_2.6.23.16-i486-1.tgz: Rebuilt for 2.6.23.16 kernels.
isolinux/initrd.img: Upgraded modules to 2.6.23.16.
kernels/huge.s/*: Upgraded huge.s kernel to 2.6.23.16.
(* Security fix *)
kernels/hugesmp.s/*: Upgraded hugesmp.s kernel to 2.6.23.16 (SMP).
(* Security fix *)
kernels/speakup.s: Updated speakup.s kernel to 2.6.23.16.
(* Security fix *)
extra/linux-2.6.23.16-nosmp-sdk/: Updated SMP to no-SMP kernel source patch.
(* Security fix *)
usb-and-pxe-installers/: Updated USB and PXE installers to 2.6.23.16 modules.
+--------------------------+
 
Old 02-12-2008, 12:31 PM   #4
dunric
Member
 
Registered: Jul 2004
Distribution: Slackware
Posts: 440

Rep: Reputation: 51
There is no change in kernel configs but sources are patched. See README.TXT and splice.c.diff.gz
 
Old 02-12-2008, 01:23 PM   #5
frandalla
Member
 
Registered: Oct 2003
Location: Tokyo - Japan
Distribution: Slackware
Posts: 348
Blog Entries: 1

Rep: Reputation: 37
This concerns a security breach that allowed root privileges through vmsplice.
Kernel.org released a patch today and Slack's patch is there also.
 
Old 02-12-2008, 01:36 PM   #6
shadowsnipes
Senior Member
 
Registered: Sep 2005
Distribution: Slackware
Posts: 1,441

Original Poster
Rep: Reputation: 70
Quote:
Originally Posted by dunric View Post
There is no change in kernel configs but sources are patched. See README.TXT and splice.c.diff.gz
This is exactly what I was looking for. I'll know where to look next time. Thank you.

Lenard:

The articles were very informative as well. I might try out the exploit code on some extra boxes later.
 
Old 02-12-2008, 06:55 PM   #7
stormtracknole
Member
 
Registered: Aug 2005
Location: The Big Easy
Distribution: Slackware, RHEL
Posts: 792

Rep: Reputation: 104
Quote:
Originally Posted by dunric View Post
There is no change in kernel configs but sources are patched. See README.TXT and splice.c.diff.gz
Pardon my lack of knowledge on this, blame it on depending on yum for kernel updates in Fedora. Anyway, can someone provide a little more in-depth step by step on how to apply this patch? I read the README.TXT and I am just a tad confused. Do I have to move the .config file to all of the kernel-* directories? Is it easier to upgrade kernel from the current tree? I'm running a Slackware server and I don't want to fork it by not doing the update correctly. Thanks in advance!
 
Old 02-12-2008, 11:02 PM   #8
mRgOBLIN
Slackware Contributor
 
Registered: Jun 2002
Location: New Zealand
Distribution: Slackware
Posts: 999

Rep: Reputation: 226
No you just have to upgrade the kernel with the one supplied for whatever version you are running.

So assuming you are running 12.0 just download kernel-generic-smp-2.6.21.5_smp-i686-2_slack12.0.tgz
from the patches directory.

then as root run
Code:
upgradepkg kernel-generic-smp-2.6.21.5_smp-i686-2_slack12.0.tgz
If you use Lilo as your boot manager then you should run the command
Code:
lilo
 
Old 02-12-2008, 11:54 PM   #9
shadowsnipes
Senior Member
 
Registered: Sep 2005
Distribution: Slackware
Posts: 1,441

Original Poster
Rep: Reputation: 70
Quote:
Originally Posted by stormtracknole View Post
Pardon my lack of knowledge on this, blame it on depending on yum for kernel updates in Fedora. Anyway, can someone provide a little more in-depth step by step on how to apply this patch? I read the README.TXT and I am just a tad confused. Do I have to move the .config file to all of the kernel-* directories? Is it easier to upgrade kernel from the current tree? I'm running a Slackware server and I don't want to fork it by not doing the update correctly. Thanks in advance!
The way to update this depends on your setup.

If you have made a custom kernel image based off of the default slackware kernel sources, then you should use the patch as described in the README to patch your sources in order to rebuild your custom kernels.

If you are using a custom kernel that is a different version then you should patch or upgrade up to the version that is needed. The articles that Lenard linked to should lead you where to find what you need. If you are in this boat you could just build from the newest stable kernel from kernel.org.

However, I'm assuming you are using the stock slackware kernel images. In that case, you can simply download and install the newest package that you need
(looks like mRgOBLIN left directions for installing). Look in the security advisory for information on where to download it.

To see what a slackware package looks like on the inside you can use explodepkg or just use tar. explodepkg basically just untars the package and tells you that it isn't running the install script.

For instance, if I don't feel like unpacking a package to see a list of its contents I can just use tar

Code:
tar zvtf kernel-generic-smp-2.6.21.5_smp-i686-2_slack12.0.tgz 
drwxr-xr-x root/root         0 2008-02-11 17:16 ./
drwxr-xr-x root/root         0 2008-02-11 17:16 boot/
-rw-r--r-- root/root   2088024 2008-02-11 17:16 boot/vmlinuz-generic-smp-2.6.21.5-smp
-rw-r--r-- root/root    813610 2008-02-11 17:16 boot/System.map-generic-smp-2.6.21.5-smp
-rw-r--r-- root/root     72764 2008-02-11 17:16 boot/config-generic-smp-2.6.21.5-smp
drwxr-xr-x root/root         0 2008-02-11 17:16 install/
-rw-r--r-- root/root      1143 2008-02-11 17:16 install/slack-desc
-rw-r--r-- root/root       279 2008-02-11 17:16 install/doinst.sh
The install directory is a special directory where the package description (slack-desc) and the install script (doinst.sh) are located. The rest of the files/directories represent where stuff would be installed. So, as you can see you will have three entries installed to /boot.

Now if you want to see what the doinst.sh script does, you can use tar to extract that file to stdout with the -O switch.

Code:
tar -zOx install/doinst.sh -f kernel-generic-smp-2.6.21.5_smp-i686-2_slack12.0.tgz
( cd boot ; rm -rf vmlinuz )
( cd boot ; ln -sf vmlinuz-generic-smp-2.6.21.5-smp vmlinuz )
( cd boot ; rm -rf System.map )
( cd boot ; ln -sf System.map-generic-smp-2.6.21.5-smp System.map )
( cd boot ; rm -rf config )
( cd boot ; ln -sf config-generic-smp-2.6.21.5-smp config )
Notice that it only extracted the install/doinst.sh file because it was specified (otherwise all of the files would have been extracted to stdout).

As you can see the doinst.sh simply links vmlinuz, System.map, and config to this kernel's files under /boot. So, this supports my statement of why you can just install this package (or one similar) if you are using the stock slackware kernels.
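
Added example (not part of the original post and not Slackware's own tooling): a script that automates the inspection described in the post above, checking before `upgradepkg` that a kernel package's doinst.sh contains only the `rm -rf`/`ln -sf` lines shown and that every link target ships in the package. The function names and the sample package built by `make_sample_pkg` are constructed for illustration.

```sh
#!/bin/sh
# Added example: review a kernel package's doinst.sh before upgradepkg runs it
# as root. Function names are hypothetical; the sample package is constructed.

# Print install/doinst.sh to stdout without unpacking the package.
show_doinst() { tar -xzOf "$1" install/doinst.sh; }

# Exit status 0 only if every line has one of the two forms shown in the post
# and every symlink target is a file the package itself ships under boot/.
audit_doinst() {
    members=$(tar -tzf "$1") || return 2
    script=$(show_doinst "$1") || return 2
    name='[A-Za-z0-9][A-Za-z0-9._-]*'   # plain file name: no "/", not "." or ".."
    ok="^\\( cd boot ; (rm -rf $name|ln -sf $name $name) \\)\$"
    bad=$(printf '%s\n' "$script" | grep -v '^$' | grep -Ev "$ok" || true)
    if [ -n "$bad" ]; then
        printf 'unexpected doinst.sh line(s):\n%s\n' "$bad" >&2
        return 1
    fi
    for t in $(printf '%s\n' "$script" |
               sed -n 's/^( cd boot ; ln -sf \([^ ]*\) .*/\1/p'); do
        if ! printf '%s\n' "$members" | grep -Fxq "boot/$t"; then
            printf 'link target not in package: boot/%s\n' "$t" >&2
            return 1
        fi
    done
    return 0
}

# Build a constructed stand-in package at $1 whose doinst.sh matches the one
# in the post; $2 (optional) is appended as one extra doinst.sh line.
make_sample_pkg() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/boot" "$d/install"
    v=generic-smp-2.6.21.5-smp
    for f in vmlinuz System.map config; do
        : > "$d/boot/$f-$v"
        printf '( cd boot ; rm -rf %s )\n' "$f"
        printf '( cd boot ; ln -sf %s-%s %s )\n' "$f" "$v" "$f"
    done > "$d/install/doinst.sh"
    if [ -n "${2:-}" ]; then printf '%s\n' "$2" >> "$d/install/doinst.sh"; fi
    tar -czf "$1" -C "$d" boot install
    rm -rf "$d"
}

# Usage: sh audit-doinst.sh package.tgz
if [ $# -gt 0 ]; then audit_doinst "$1"; fi
```

Exit status 0 means only the expected lines were found, 1 means an unexpected line or a link target missing from the package, and 2 means the package or its doinst.sh could not be read.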
 
Old 02-18-2008, 08:54 AM   #10
reed68
LQ Newbie
 
Registered: Aug 2007
Posts: 28

Rep: Reputation: 0
would like confirmation on package to upgrade

Hello,

RE: kernel exploit fix (SSA:2008-042-01). http://tinyurl.com/2oklj5

A) I'm worried about upgrading the kernel package referred to in that security advisory.
I'd like to confirm which one:
- kernel-generic-2.6.21.5-i486-2_slack12.0.tgz
- kernel-huge-2.6.21.5-i486-2_slack12.0.tgz
- kernel-huge-smp-2.6.21.5_smp-i686-2_slack12.0.tgz
- kernel-generic-smp-2.6.21.5_smp-i686-2_slack12.0.tgz

I'm hoping someone can confirm for me that I should use the following update:
- File: kernel-huge-smp-2.6.21.5_smp-i686-2_slack12.0.tgz

B) I'm using Slackware 12 stable. My output:
$ uname -a
2.6.21.5-smp i686 Intel(R) Pentium(R) 4 CPU 3.00GHz GenuineIntel GNU/Linux

$ arch
i686

$ ls -l /boot
vmlinuz -> vmlinuz-huge-smp-2.6.21.5-smp

C) I would like to confirm I should run:
# upgradepkg kernel-huge-smp-2.6.21.5_smp-i686-2_slack12.0.tgz
# lilo

I'm posting a question that I think I know the answer to but I feel better safe than sorry.

Thank you for your time and advice.

Brian
 
Old 02-18-2008, 09:10 AM   #11
hitest
Senior Member
 
Registered: Mar 2004
Location: Prince Rupert, B.C., Canada
Distribution: Slackware 14.1, Slackware64-current, OpenBSD 5.5
Posts: 4,122

Rep: Reputation: 518
Quote:
Originally Posted by reed68 View Post
I would like to confirm I should run:
# upgradepkg kernel-huge-smp-2.6.21.5_smp-i686-2_slack12.0.tgz
# lilo
Yes, that is the correct one to choose.

Last edited by hitest; 02-18-2008 at 09:14 AM.
 
Old 02-18-2008, 09:11 AM   #12
Jeebizz
Senior Member
 
Registered: May 2004
Distribution: Slackware 14.1 64-bit with multilib
Posts: 2,074

Rep: Reputation: 193
Quote:
Originally Posted by reed68
A) I'm worried about upgrading the kernel package referred to in that security advisory.
I'd like to confirm which one:
- kernel-generic-2.6.21.5-i486-2_slack12.0.tgz
- kernel-huge-2.6.21.5-i486-2_slack12.0.tgz
- kernel-huge-smp-2.6.21.5_smp-i686-2_slack12.0.tgz
- kernel-generic-smp-2.6.21.5_smp-i686-2_slack12.0.tgz

I'm hoping someone can confirm for me that I should use the following update:

I'm using Slackware 12 stable. My output:
$ uname -a
2.6.21.5-smp i686 Intel(R) Pentium(R) 4 CPU 3.00GHz GenuineIntel GNU/Linux
You have pretty much confirmed it. All you have to do is upgradepkg with the kernel-huge-smp-2.6.21.5_smp-i686-2_slack12.0.tgz and then run /sbin/lilo to update lilo, and you're done!
 
Old 02-18-2008, 11:33 AM   #13
lgtrean
LQ Newbie
 
Registered: Jan 2006
Location: New York City
Distribution: Debian GNU/Linux 6.0.1 (squeeze)
Posts: 29

Rep: Reputation: 18
Hi hitest and Jeebizz,

Thanks for your help. I appreciate it!

Brian
 
Old 02-18-2008, 11:51 AM   #14
hitest
Senior Member
 
Registered: Mar 2004
Location: Prince Rupert, B.C., Canada
Distribution: Slackware 14.1, Slackware64-current, OpenBSD 5.5
Posts: 4,122

Rep: Reputation: 518
Quote:
Originally Posted by lgtrean View Post
Hi hitest and Jeebizz,

Thanks for your help. I appreciate it!

Brian
You're welcome:-)
 
  


All times are GMT -5.