LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Slackware (http://www.linuxquestions.org/questions/slackware-14/)
-   -   Slackware Recent Security Kernel Updates Procedure (http://www.linuxquestions.org/questions/slackware-14/slackware-recent-security-kernel-updates-procedure-4175462889/)

Ani 05-21-2013 12:29 PM

Slackware Recent Security Kernel Updates Procedure
 
Iíll be first to admit that my Slackware skills are not that great.

My setup:
Slackware version 13.37.0 64-bit
vmlinuz-huge-2.6.37.6 kernel

I saw the kernel security updates come out addressing CVE-2013-2094.
Normally I would run the following command.
# slackpkg upgrade-all

I see the following waiting to be updated:
kernel-firmware
kernel-generic
kernel-headers
kernel-huge
kernel-modules
kernel-soucre

If these are just normal updates I would hit ďOkĒ and move on, but since this will change my kernel settings I am hesitant to follow this method.

What are the specific steps I should take to apply these security updates?

Thanks!

allend 05-21-2013 01:14 PM

You are using the -huge kernel, so there is no concern about updating initrd using mkinitrd prior to running lilo.
You probably have a line in your /etc/lilo.conf
Code:

image = /boot/vmlinuz
and a symlink /boot/vmlinuz that points to your existing huge kernel.
If you have a reliable internet connection, then all you need to do is use 'slackpkg upgrade-all' and then accept the option at the end to run 'lilo' so that the bootloader image is updated. The /boot/vmlinuz symlink will be automatically updated during installation.

If you are using any software that requires kernel modules to be built, the kernel modules will need to be rebuilt after rebooting your system following the update. Examples are the nVidia proprietary graphics driver and VirtualBox.
If you have been booting directly to run level 4 for a graphical login and you need to build the graphics kernel module, when you reboot, select your Slackware install, hit TAB and then add ' 3' (NB a space then a 3) as an option. This will cause your system to boot to run level 3, so you have a command line login.

If you have an unreliable internet connection, consider downloading all the packages first prior to upgrading. There is an option in /etc/slackpkg/slackpkg.conf that can be changed from 'off' to 'on' to allow this.
Code:

DOWNLOAD_ALL=off

Ani 05-21-2013 03:52 PM

Thanks Allend!

Yes I do have:
Image = /boot/vmlinuz
vga=normal

In my /etc/lilo.conf file.

I see symlinks for:
System.map -> System.map-huge-2.6.37.6
config -> config-huge-2.6.37.6
vmlinuz -> vmlinuz-huge-2.6.37.6

In my /boot directory.

I donít think I have any applications that are dependent on kernel modules being built.
Iím using text/headless login.

I'll try the slackpkg upgrade

ljb643 05-21-2013 08:28 PM

If I may add:

Before upgrading the kernel, make sure you have an alternate method of booting, such as a Slackware install CD. Hopefully you will not need it, but when you do, you really do need it.

Consider not upgrading the kernel at all, if you feel the threat associated with the security issue is low compared to the risk of breaking something from the upgrade. In this case, the security issue is in a local user becoming root. If you are the only user of the PC and owner of the root account, you might consider just leaving it.

zakame 05-21-2013 09:02 PM

You should see the advice on /etc/slackpkg/blacklist regarding kernel package upgrades as well, and decide whether to let slackpkg update for you, or do it yourself manually. Either way, you should also have a copy of the old kernel packages somewhere just in case you find yourself unable to use your system with the new kernel packages (as people have experienced in another thread.)

Ani 05-22-2013 09:30 AM

Some very good ideas. I have made a backup of my kernel and added an entry in my lilo.conf to allow me to boot into it if things go badly.
I also have my Slackware install CD handy.


All times are GMT -5. The time now is 05:28 PM.