Upgrade time. folks.

This only applies to x86_64 architecture only, not in x86

1 members found this post helpful.

Does anyone know if there's a really compelling case to install these ? Like a major performance boost, new feature, or security/bug fixes.

security bug fixes

as it's about CONFIG_X86_X32_ABI, related to x86 emulation (the X32 flavour) on x86_64, native 32 bit archs shouldn't be affected.

Ok - so CVE-2014-0038 is really not too critical if you're running a laptop and you're really the only user and you also know the root login password :-)

Thing of course is that every time you install a new kernely, you have to re-install virtualbox and nvidia drivers (if you use them). And run lilo. And perhaps build a new initrd if you use that too. Thus a bit of a fag unless there's something motivating.

Thanks for the answers @ponce and @willysr.

The danger is from a piggyback attack. Arbitrary code exploit in Firefox, flashplayer, java etc, or even things like xpdf, MPlayer, OpenOffice or any other app that references untrusted data, or god forbid a network facing server vulnerability, + CVE-2014-0038 = PWNED!

If you're running 64bit, do the update! It doesn't take much effort to re-run mkinitrd and /sbin/lilo.


Actually, for 14.1 users, I'd be inclined to borrow the .30 kernel from -current instead of the rebuilt .17 in patches/: lots of water under the bridge since .17 was released.

1 members found this post helpful.

Installed them last night and all is well.... so far, so good.

GazL reminds us that attackers can, and do, combine individual vulnerabilities to expand effective attack surfaces and/or amplify impact.
It's a mistake to believe you don't need to worry about CVE-2014-0038 in the single-user context.

Also, GazL's 3.10.30 recommendation highlights the wisdom in the way Pat structured the kernel deployment: 3.10.30 is available to
interested 14.1 users (via current) but they can always fall back on 3.10.17 (patched for CVE-2014-0038) should they get bitten by
kernel regressions.

--mancha

2 members found this post helpful.

I find it a little disconcerting that the kernel packages I have installed now (from the original 14.1 ISO) are build -3, but the security-fixed ones are build -2.

It feels like I'm going backwards.

Yeah, i noticed the same thing, but nevertheless, it contains the fix we need

Just got them installed; they are indeed newer as evidenced by the build dates:

Before: Linux bowman 3.10.17 #2 SMP Wed Oct 23 16:34:38 CDT 2013 x86_64 AMD FX(tm)-8350 Eight-Core Processor AuthenticAMD GNU/Linux

After: Linux bowman 3.10.17 #1 SMP Fri Feb 14 16:39:21 CST 2014 x86_64 AMD FX(tm)-8350 Eight-Core Processor AuthenticAMD GNU/Linux

Thank you Slackware Security Team; the upgrade went as smooth as smooth can be.

heh! Typical. Always the day after.

Ivybridge owners might be interested in this one as the changelog mentions a fix for a "large performance regression", the rest mostly seems to be ARM related. I'll probably skip this one and wait for .32 (unless I get bored or anything important comes to light).


I'm a little surprised Greg hasn't EOL'd 3.12 yet with 4 releases of 3.13 out the door.

Yeah, I updated and posted too quickly without reading the changelog closely enough. Maybe ease up on the criticism a bit, okay? I think my post had some value.

@hitest: If it still allows you maybe it makes sense to edit the title so it also attracts the attention of 14.1 users
and not just current users. Maybe something like: "new kernels: 14.1 (64 bit) and current (32 & 64 bit)".

--mancha

PS Your post is fine, Pat upgraded kernels in 32 and 64 bit current.

1 members found this post helpful.