[SOLVED] New kernel Slackware 14.2 (security issues)

hitest · 01-08-2020, 06:52 PM

Code:

Wed Jan  8 22:14:06 UTC 2020
patches/packages/linux-4.4.208/*:  Upgraded.
   IPV6_MULTIPLE_TABLES n -> y
  +IPV6_SUBTREES y
  These updates fix various bugs and security issues.
  Be sure to upgrade your initrd after upgrading the kernel packages.
  If you use lilo to boot your machine, be sure lilo.conf points to the correct
  kernel and initrd and run lilo as root to update the bootloader.
  If you use elilo to boot your machine, you should run eliloconfig to copy the
  kernel and initrd to the EFI System Partition.
  For more information, see:
    Fixed in 4.4.203:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19524
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15917
    Fixed in 4.4.204:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18660
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15291
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18683
    Fixed in 4.4.206:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12614
    Fixed in 4.4.207:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19227
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19062
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19338
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19332
    Fixed in 4.4.208:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19057
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19063
  (* Security fix *)
+--------------------------+

http://slackware.osuosl.org/slackwar.../ChangeLog.txt

magicm · 01-09-2020, 01:13 PM

Replying mostly to remove from zero reply.
But so grateful that 14.2 still gets some love.

Code:

root@igloo: Thu Jan 09 13:06:17 : /home/magic/Downloads
# spectre-meltdown-checker.sh --batch
CVE-2017-5753: OK (Mitigation: usercopy/swapgs barriers and __user pointer sanitization)
CVE-2017-5715: OK (Full retpoline + IBPB are mitigating the vulnerability)
CVE-2017-5754: OK (Mitigation: PTI)
CVE-2018-3640: OK (your CPU microcode mitigates the vulnerability)
CVE-2018-3639: OK (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
CVE-2018-3615: OK (your CPU vendor reported your CPU model as not vulnerable)
CVE-2018-3620: OK (Mitigation: PTE Inversion)
CVE-2018-3646: OK (this system is not running a hypervisor)
CVE-2018-12126: OK (Your microcode and kernel are both up to date for this mitigation, and mitigation is enabled)
CVE-2018-12130: OK (Your microcode and kernel are both up to date for this mitigation, and mitigation is enabled)
CVE-2018-12127: OK (Your microcode and kernel are both up to date for this mitigation, and mitigation is enabled)
CVE-2019-11091: OK (Your microcode and kernel are both up to date for this mitigation, and mitigation is enabled)
CVE-2019-11135: OK (your CPU vendor reported your CPU model as not vulnerable)
CVE-2018-12207: OK (this system is not running a hypervisor)

Code:

root@igloo: Thu Jan 09 13:06:35 : /home/magic/Downloads
# inxi
CPU: Dual Core Intel Core i5-2540M (-MT MCP-) speed/min/max: 800/800/3300 MHz Kernel: 4.4.208 x86_64 Up: 16m 
Mem: 929.5/7856.7 MiB (11.8%) Storage: 931.51 GiB (19.1% used) Procs: 197 Shell: bash 4.3.48 inxi: 3.0.37

vtel57 · 01-09-2020, 04:02 PM

Sadly, upgrading from 4.4.14 to 4.4.208 made my system go BOOM!

Fortunately, I rsync'd to my mirror drive before starting the upgrade. All's well now that I've restored that backup.

I'll attempt the upgrade another time. And no, not sure at all what went wrong. New kernel Panic! Initrd, LILO, etc. all configured correctly.

Meh... poop happens.

vtel57 · 01-20-2020, 06:24 PM

Quote:

Originally Posted by vtel57

Sadly, upgrading from 4.4.14 to 4.4.208 made my system go BOOM!

--- An Update ---

I was finally able to upgrade my kernel (4.4.14. --> 4.4.208) and get Nvidia to behave properly. It helps immensely when you d-load the correct Nvidia driver. Me = Dumbass.

All's well now.