Slackware This Forum is for the discussion of Slackware Linux.
|
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
|
02-19-2014, 11:56 PM
|
#1
|
Guru
Registered: Mar 2004
Location: Canada
Distribution: Slackware (desktops), Void (thinkpad)
Posts: 7,432
|
New kernel in -current (32 bit, 64 bit) and in 14.1( 64 bit)
Upgrade time. folks.
Code:
Linux loki 3.10.30-smp #2 SMP Fri Feb 14 20:54:32 CST 2014 i686 Intel(R) Pentium(R) D CPU 2.80GHz GenuineIntel GNU/Linux
Code:
Thu Feb 20 00:30:49 UTC 2014
a/kernel-firmware-20140215git-noarch-1.txz: Upgraded.
a/kernel-generic-3.10.30-i486-1.txz: Upgraded.
a/kernel-generic-smp-3.10.30_smp-i686-1.txz: Upgraded.
a/kernel-huge-3.10.30-i486-1.txz: Upgraded.
a/kernel-huge-smp-3.10.30_smp-i686-1.txz: Upgraded.
a/kernel-modules-3.10.30-i486-1.txz: Upgraded.
a/kernel-modules-smp-3.10.30_smp-i686-1.txz: Upgraded.
a/shadow-4.1.5.1-i486-3.txz: Rebuilt.
Last edited by hitest; 02-22-2014 at 10:18 PM.
|
|
|
02-20-2014, 01:24 AM
|
#2
|
Senior Member
Registered: Jul 2004
Location: Jogja, Indonesia
Distribution: Slackware-Current
Posts: 4,801
|
This only applies to x86_64 architecture only, not in x86
|
|
1 members found this post helpful.
|
02-20-2014, 01:26 AM
|
#3
|
Member
Registered: Dec 2008
Location: Cape Town, South Africa
Distribution: Slackware 15.0
Posts: 642
|
Does anyone know if there's a really compelling case to install these ? Like a major performance boost, new feature, or security/bug fixes.
|
|
|
02-20-2014, 01:41 AM
|
#4
|
Senior Member
Registered: Jul 2004
Location: Jogja, Indonesia
Distribution: Slackware-Current
Posts: 4,801
|
security bug fixes
Quote:
patches/packages/linux-3.10.17-2/*:
These are new kernels that fix CVE-2014-0038, a bug that can allow local
users to gain a root shell.
Be sure to reinstall LILO (run "lilo" as root) after upgrading the kernel
packages, or on UEFI systems, copy the appropriate kernel to
/boot/efi/EFI/Slackware/vmlinuz).
For more information, see:
http://cve.mitre.org/cgi-bin/cvename...=CVE-2014-0038
(* Security fix *)
|
|
|
|
02-20-2014, 01:42 AM
|
#5
|
LQ Guru
Registered: Aug 2004
Location: Pisa, Italy
Distribution: Slackware
Posts: 7,349
|
as it's about CONFIG_X86_X32_ABI, related to x86 emulation (the X32 flavour) on x86_64, native 32 bit archs shouldn't be affected.
Last edited by ponce; 02-20-2014 at 01:58 AM.
|
|
|
02-20-2014, 02:53 AM
|
#6
|
Member
Registered: Dec 2008
Location: Cape Town, South Africa
Distribution: Slackware 15.0
Posts: 642
|
Ok - so CVE-2014-0038 is really not too critical if you're running a laptop and you're really the only user and you also know the root login password :-)
Thing of course is that every time you install a new kernely, you have to re-install virtualbox and nvidia drivers (if you use them). And run lilo. And perhaps build a new initrd if you use that too. Thus a bit of a fag unless there's something motivating.
Thanks for the answers @ponce and @willysr.
|
|
|
02-20-2014, 06:15 AM
|
#7
|
LQ Veteran
Registered: May 2008
Posts: 7,071
|
The danger is from a piggyback attack. Arbitrary code exploit in Firefox, flashplayer, java etc, or even things like xpdf, MPlayer, OpenOffice or any other app that references untrusted data, or god forbid a network facing server vulnerability, + CVE-2014-0038 = PWNED!
If you're running 64bit, do the update! It doesn't take much effort to re-run mkinitrd and /sbin/lilo.
Actually, for 14.1 users, I'd be inclined to borrow the .30 kernel from -current instead of the rebuilt .17 in patches/: lots of water under the bridge since .17 was released.
Last edited by GazL; 02-20-2014 at 06:55 AM.
|
|
1 members found this post helpful.
|
02-20-2014, 09:35 AM
|
#8
|
LQ Veteran
Registered: Feb 2007
Distribution: Slackware64-current with KDE4Town.
Posts: 9,506
|
Quote:
Originally Posted by hitest
Upgrade time. folks.
Code:
Linux loki 3.10.30-smp #2 SMP Fri Feb 14 20:54:32 CST 2014 i686 Intel(R) Pentium(R) D CPU 2.80GHz GenuineIntel GNU/Linux
Code:
Thu Feb 20 00:30:49 UTC 2014
a/kernel-firmware-20140215git-noarch-1.txz: Upgraded.
a/kernel-generic-3.10.30-i486-1.txz: Upgraded.
a/kernel-generic-smp-3.10.30_smp-i686-1.txz: Upgraded.
a/kernel-huge-3.10.30-i486-1.txz: Upgraded.
a/kernel-huge-smp-3.10.30_smp-i686-1.txz: Upgraded.
a/kernel-modules-3.10.30-i486-1.txz: Upgraded.
a/kernel-modules-smp-3.10.30_smp-i686-1.txz: Upgraded.
a/shadow-4.1.5.1-i486-3.txz: Rebuilt.
|
Installed them last night and all is well.... so far, so good.
|
|
|
02-20-2014, 11:35 AM
|
#9
|
Member
Registered: Aug 2012
Posts: 484
Rep:
|
Quote:
Originally Posted by GazL
The danger is from a piggyback attack. Arbitrary code exploit in Firefox, flashplayer, java etc, or even things like xpdf, MPlayer, OpenOffice or any other app that references untrusted data, or god forbid a network facing server vulnerability, + CVE-2014-0038 = PWNED!
|
GazL reminds us that attackers can, and do, combine individual vulnerabilities to expand effective attack surfaces and/or amplify impact.
It's a mistake to believe you don't need to worry about CVE-2014-0038 in the single-user context.
Also, GazL's 3.10.30 recommendation highlights the wisdom in the way Pat structured the kernel deployment: 3.10.30 is available to
interested 14.1 users (via current) but they can always fall back on 3.10.17 (patched for CVE-2014-0038) should they get bitten by
kernel regressions.
--mancha
Last edited by mancha; 02-20-2014 at 03:49 PM.
Reason: stylistic
|
|
2 members found this post helpful.
|
02-20-2014, 10:12 PM
|
#10
|
Member
Registered: Jul 2003
Distribution: Slackware
Posts: 392
Rep:
|
I find it a little disconcerting that the kernel packages I have installed now (from the original 14.1 ISO) are build -3, but the security-fixed ones are build -2.
It feels like I'm going backwards.
|
|
|
02-20-2014, 10:58 PM
|
#11
|
Senior Member
Registered: Jul 2004
Location: Jogja, Indonesia
Distribution: Slackware-Current
Posts: 4,801
|
Yeah, i noticed the same thing, but nevertheless, it contains the fix we need
|
|
|
02-20-2014, 11:13 PM
|
#12
|
Member
Registered: Jul 2003
Distribution: Slackware
Posts: 392
Rep:
|
Just got them installed; they are indeed newer as evidenced by the build dates:
Before: Linux bowman 3.10.17 #2 SMP Wed Oct 23 16:34:38 CDT 2013 x86_64 AMD FX(tm)-8350 Eight-Core Processor AuthenticAMD GNU/Linux
After: Linux bowman 3.10.17 #1 SMP Fri Feb 14 16:39:21 CST 2014 x86_64 AMD FX(tm)-8350 Eight-Core Processor AuthenticAMD GNU/Linux
Thank you Slackware Security Team; the upgrade went as smooth as smooth can be.
|
|
|
02-21-2014, 09:15 AM
|
#13
|
LQ Veteran
Registered: May 2008
Posts: 7,071
|
Quote:
Greg Kroah-Hartman has announced the release of a new batch of stable kernels: 3.13.4, 3.12.12, 3.10.31, and 3.4.81.
|
heh! Typical. Always the day after.
Ivybridge owners might be interested in this one as the changelog mentions a fix for a "large performance regression", the rest mostly seems to be ARM related. I'll probably skip this one and wait for .32 (unless I get bored or anything important comes to light).
I'm a little surprised Greg hasn't EOL'd 3.12 yet with 4 releases of 3.13 out the door.
|
|
|
02-22-2014, 08:44 PM
|
#14
|
Guru
Registered: Mar 2004
Location: Canada
Distribution: Slackware (desktops), Void (thinkpad)
Posts: 7,432
Original Poster
|
Quote:
Originally Posted by willysr
This only applies to x86_64 architecture only, not in x86
|
Yeah, I updated and posted too quickly without reading the changelog closely enough. Maybe ease up on the criticism a bit, okay? I think my post had some value.
|
|
|
02-22-2014, 08:50 PM
|
#15
|
Member
Registered: Aug 2012
Posts: 484
Rep:
|
@hitest: If it still allows you maybe it makes sense to edit the title so it also attracts the attention of 14.1 users
and not just current users. Maybe something like: "new kernels: 14.1 (64 bit) and current (32 & 64 bit)".
--mancha
PS Your post is fine, Pat upgraded kernels in 32 and 64 bit current.
|
|
1 members found this post helpful.
|
All times are GMT -5. The time now is 05:55 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|