LinuxQuestions.org - [SOLVED] New kernel Slackware 14.2 (security issues)

- Slackware (https://www.linuxquestions.org/questions/slackware-14/)

- - New kernel Slackware 14.2 (security issues) (https://www.linuxquestions.org/questions/slackware-14/new-kernel-slackware-14-2-security-issues-4175667339/)

New kernel Slackware 14.2 (security issues)

Code:

Wed Jan  8 22:14:06 UTC 2020

patches/packages/linux-4.4.208/*:  Upgraded.

  IPV6_MULTIPLE_TABLES n -> y

  +IPV6_SUBTREES y

  These updates fix various bugs and security issues.

  Be sure to upgrade your initrd after upgrading the kernel packages.

  If you use lilo to boot your machine, be sure lilo.conf points to the correct

  kernel and initrd and run lilo as root to update the bootloader.

  If you use elilo to boot your machine, you should run eliloconfig to copy the

  kernel and initrd to the EFI System Partition.

  For more information, see:

    Fixed in 4.4.203:

    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19524

    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15917

    Fixed in 4.4.204:

    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18660

    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15291

    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18683

    Fixed in 4.4.206:

    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12614

    Fixed in 4.4.207:

    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19227

    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19062

    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19338

    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19332

    Fixed in 4.4.208:

    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19057

    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19063

  (* Security fix *)

+--------------------------+

http://slackware.osuosl.org/slackwar.../ChangeLog.txt

Thank you, PV !!

Replying mostly to remove from zero reply.
But so grateful that 14.2 still gets some love.

Code:

root@igloo: Thu Jan 09 13:06:17 : /home/magic/Downloads

# spectre-meltdown-checker.sh --batch

CVE-2017-5753: OK (Mitigation: usercopy/swapgs barriers and __user pointer sanitization)

CVE-2017-5715: OK (Full retpoline + IBPB are mitigating the vulnerability)

CVE-2017-5754: OK (Mitigation: PTI)

CVE-2018-3640: OK (your CPU microcode mitigates the vulnerability)

CVE-2018-3639: OK (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)

CVE-2018-3615: OK (your CPU vendor reported your CPU model as not vulnerable)

CVE-2018-3620: OK (Mitigation: PTE Inversion)

CVE-2018-3646: OK (this system is not running a hypervisor)

CVE-2018-12126: OK (Your microcode and kernel are both up to date for this mitigation, and mitigation is enabled)

CVE-2018-12130: OK (Your microcode and kernel are both up to date for this mitigation, and mitigation is enabled)

CVE-2018-12127: OK (Your microcode and kernel are both up to date for this mitigation, and mitigation is enabled)

CVE-2019-11091: OK (Your microcode and kernel are both up to date for this mitigation, and mitigation is enabled)

CVE-2019-11135: OK (your CPU vendor reported your CPU model as not vulnerable)

CVE-2018-12207: OK (this system is not running a hypervisor)

Code:

root@igloo: Thu Jan 09 13:06:35 : /home/magic/Downloads

# inxi

CPU: Dual Core Intel Core i5-2540M (-MT MCP-) speed/min/max: 800/800/3300 MHz Kernel: 4.4.208 x86_64 Up: 16m 

Mem: 929.5/7856.7 MiB (11.8%) Storage: 931.51 GiB (19.1% used) Procs: 197 Shell: bash 4.3.48 inxi: 3.0.37

Sadly, upgrading from 4.4.14 to 4.4.208 made my system go BOOM!

Fortunately, I rsync'd to my mirror drive before starting the upgrade. All's well now that I've restored that backup.

I'll attempt the upgrade another time. And no, not sure at all what went wrong. New kernel Panic! Initrd, LILO, etc. all configured correctly.

Meh... poop happens.

Quote:

Originally Posted by vtel57 (Post 6076474)

Sadly, upgrading from 4.4.14 to 4.4.208 made my system go BOOM!

--- An Update ---

I was finally able to upgrade my kernel (4.4.14. --> 4.4.208) and get Nvidia to behave properly. It helps immensely when you d-load the correct Nvidia driver. Me = Dumbass.

All's well now. :)