Slackware Recent Security Kernel Updates Procedure
Iíll be first to admit that my Slackware skills are not that great.
Slackware version 13.37.0 64-bit
I saw the kernel security updates come out addressing CVE-2013-2094.
Normally I would run the following command.
# slackpkg upgrade-all
I see the following waiting to be updated:
If these are just normal updates I would hit ďOkĒ and move on, but since this will change my kernel settings I am hesitant to follow this method.
What are the specific steps I should take to apply these security updates?
You are using the -huge kernel, so there is no concern about updating initrd using mkinitrd prior to running lilo.
You probably have a line in your /etc/lilo.conf
If you have a reliable internet connection, then all you need to do is use 'slackpkg upgrade-all' and then accept the option at the end to run 'lilo' so that the bootloader image is updated. The /boot/vmlinuz symlink will be automatically updated during installation.
If you are using any software that requires kernel modules to be built, the kernel modules will need to be rebuilt after rebooting your system following the update. Examples are the nVidia proprietary graphics driver and VirtualBox.
If you have been booting directly to run level 4 for a graphical login and you need to build the graphics kernel module, when you reboot, select your Slackware install, hit TAB and then add ' 3' (NB a space then a 3) as an option. This will cause your system to boot to run level 3, so you have a command line login.
If you have an unreliable internet connection, consider downloading all the packages first prior to upgrading. There is an option in /etc/slackpkg/slackpkg.conf that can be changed from 'off' to 'on' to allow this.
Yes I do have:
Image = /boot/vmlinuz
In my /etc/lilo.conf file.
I see symlinks for:
System.map -> System.map-huge-188.8.131.52
config -> config-huge-184.108.40.206
vmlinuz -> vmlinuz-huge-220.127.116.11
In my /boot directory.
I donít think I have any applications that are dependent on kernel modules being built.
Iím using text/headless login.
I'll try the slackpkg upgrade
If I may add:
Before upgrading the kernel, make sure you have an alternate method of booting, such as a Slackware install CD. Hopefully you will not need it, but when you do, you really do need it.
Consider not upgrading the kernel at all, if you feel the threat associated with the security issue is low compared to the risk of breaking something from the upgrade. In this case, the security issue is in a local user becoming root. If you are the only user of the PC and owner of the root account, you might consider just leaving it.
You should see the advice on /etc/slackpkg/blacklist regarding kernel package upgrades as well, and decide whether to let slackpkg update for you, or do it yourself manually. Either way, you should also have a copy of the old kernel packages somewhere just in case you find yourself unable to use your system with the new kernel packages (as people have experienced in another thread.)
Some very good ideas. I have made a backup of my kernel and added an entry in my lilo.conf to allow me to boot into it if things go badly.
I also have my Slackware install CD handy.
|All times are GMT -5. The time now is 02:11 AM.|