LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices


Reply
  Search this Thread
Old 05-21-2013, 11:29 AM   #1
Ani
LQ Newbie
 
Registered: Oct 2002
Posts: 27

Rep: Reputation: 0
Slackware Recent Security Kernel Updates Procedure


I’ll be first to admit that my Slackware skills are not that great.

My setup:
Slackware version 13.37.0 64-bit
vmlinuz-huge-2.6.37.6 kernel

I saw the kernel security updates come out addressing CVE-2013-2094.
Normally I would run the following command.
# slackpkg upgrade-all

I see the following waiting to be updated:
kernel-firmware
kernel-generic
kernel-headers
kernel-huge
kernel-modules
kernel-soucre

If these are just normal updates I would hit “Ok” and move on, but since this will change my kernel settings I am hesitant to follow this method.

What are the specific steps I should take to apply these security updates?

Thanks!
 
Old 05-21-2013, 12:14 PM   #2
allend
LQ 5k Club
 
Registered: Oct 2003
Location: Melbourne
Distribution: Slackware64-15.0
Posts: 6,350

Rep: Reputation: 2739Reputation: 2739Reputation: 2739Reputation: 2739Reputation: 2739Reputation: 2739Reputation: 2739Reputation: 2739Reputation: 2739Reputation: 2739Reputation: 2739
You are using the -huge kernel, so there is no concern about updating initrd using mkinitrd prior to running lilo.
You probably have a line in your /etc/lilo.conf
Code:
image = /boot/vmlinuz
and a symlink /boot/vmlinuz that points to your existing huge kernel.
If you have a reliable internet connection, then all you need to do is use 'slackpkg upgrade-all' and then accept the option at the end to run 'lilo' so that the bootloader image is updated. The /boot/vmlinuz symlink will be automatically updated during installation.

If you are using any software that requires kernel modules to be built, the kernel modules will need to be rebuilt after rebooting your system following the update. Examples are the nVidia proprietary graphics driver and VirtualBox.
If you have been booting directly to run level 4 for a graphical login and you need to build the graphics kernel module, when you reboot, select your Slackware install, hit TAB and then add ' 3' (NB a space then a 3) as an option. This will cause your system to boot to run level 3, so you have a command line login.

If you have an unreliable internet connection, consider downloading all the packages first prior to upgrading. There is an option in /etc/slackpkg/slackpkg.conf that can be changed from 'off' to 'on' to allow this.
Code:
DOWNLOAD_ALL=off

Last edited by allend; 05-21-2013 at 12:22 PM.
 
Old 05-21-2013, 02:52 PM   #3
Ani
LQ Newbie
 
Registered: Oct 2002
Posts: 27

Original Poster
Rep: Reputation: 0
Thanks Allend!

Yes I do have:
Image = /boot/vmlinuz
vga=normal

In my /etc/lilo.conf file.

I see symlinks for:
System.map -> System.map-huge-2.6.37.6
config -> config-huge-2.6.37.6
vmlinuz -> vmlinuz-huge-2.6.37.6

In my /boot directory.

I don’t think I have any applications that are dependent on kernel modules being built.
I’m using text/headless login.

I'll try the slackpkg upgrade
 
Old 05-21-2013, 07:28 PM   #4
ljb643
Member
 
Registered: Nov 2003
Posts: 526

Rep: Reputation: Disabled
If I may add:

Before upgrading the kernel, make sure you have an alternate method of booting, such as a Slackware install CD. Hopefully you will not need it, but when you do, you really do need it.

Consider not upgrading the kernel at all, if you feel the threat associated with the security issue is low compared to the risk of breaking something from the upgrade. In this case, the security issue is in a local user becoming root. If you are the only user of the PC and owner of the root account, you might consider just leaving it.
 
Old 05-21-2013, 08:02 PM   #5
zakame
Member
 
Registered: Apr 2012
Location: Philippines
Distribution: Debian, Ubuntu, Slackware
Posts: 295

Rep: Reputation: 181Reputation: 181
You should see the advice on /etc/slackpkg/blacklist regarding kernel package upgrades as well, and decide whether to let slackpkg update for you, or do it yourself manually. Either way, you should also have a copy of the old kernel packages somewhere just in case you find yourself unable to use your system with the new kernel packages (as people have experienced in another thread.)
 
Old 05-22-2013, 08:30 AM   #6
Ani
LQ Newbie
 
Registered: Oct 2002
Posts: 27

Original Poster
Rep: Reputation: 0
Some very good ideas. I have made a backup of my kernel and added an entry in my lilo.conf to allow me to boot into it if things go badly.
I also have my Slackware install CD handy.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Slackware security updates !!! JKoder Linux - Security 1 06-09-2006 07:31 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 05:23 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration