Problem with the 4.4.75 kernel security upgrade dated 26 June 2017 (SSE 2017-177-01)
Greetings,
I downloaded the subject Slackware security kernel upgrade from my favorite Slackware mirror site, OSU. I installed it on 7/4/17 on my Slackware 14.2 system, and immediately had crashing problems with LibreOffice. This appears to be a known bug with CVE-2017-1000364 which is included in this upgrade. https://bugs.launchpad.net/ubuntu/+s...x/+bug/1699772 I backed the 4.4.75 kernel upgrade out and returned to the 4.4.38 kernel and my problem disappeared. I see that the 4.4.75 kernel is still on the mirror site and my searching on this site (LQ) for this kernel problem returned 0 results, which surprised me. I am sure I am not the only Slacker bitten by this bug and I understand this problem affects many applications, not just LO. This bug has left me with a lack of confidence in Slackware security upgrades and I will certainly think twice before I upgrade my kernel again in the future. One purpose of this posting is to make other Slackers, who may be thinking of upgrading to this kernel, aware of the bug before they do so. My question is, is Slackware aware of this bug and is anything being done to release a new kernel without the bug, or do they recommend to do what I have done and not upgrade to the 4.4.75 kernel? Thanks. Girvin Herr |
Girvin, as far as I know this happens only on 32bit OS. Also I was notified by someone that newest kernels on kernel.org are supposed to have a fix for this Java issue.
So hopefully it will be a matter of time to get this issue resolved. |
Alien Bob,
Thanks for your quick reply. Yes, I am running 32-bit, so I got caught in it. I am glad to hear it is being worked on. Thanks again and take care. Girvin |
https://lkml.org/lkml/2017/7/3/1008
thread starting here can show the reason of the crashes in JRE/JDK. As a temporary partial workaround you can disable using JRE (for ex. start Calc or another not-Writer component, go to Tools - Options... - Advanced, clear Enable a Java runtime environment checkbox, click Ok). Extensions based on JRE will stop working. |
bormant,
That solution is not an option for me. I depend on Libreoffice Base for my database maintenance and Base requires JDK/JRE to run. However, it crashes hard with the 4.4.75 kernel when I try to do certain operations. My solution was to return to the previous 4.4.38 kernel. The odd thing is that Openoffice Base still works with the bug. However, Openoffice no longer has the Base report generator, so I must use Libreoffice for printing my database reports. Thanks for your response. Girvin |
Note that the published workaround is to increase the "Thread stack size" of the Java VM. For example, add the parameter -Xss2m or -Xss1280k to your java commandline. The default is 1024k which is too small now.
I have no idea (yet) how we can use this knowledge to fix the LibreOffice crashes caused by Java. |
Another option is to switch to Slackware 64 bit. Does this acceptable?
|
girvinh and all --
The Linux 4.4.78 ChangeLog references CVE-2017-1000371. I can't say I understand any of the text in the ChangeLog but reading the CVE Links, maybe this Kernel Addresses the Libre Office / Java Bug ? HTH. -- kjh |
As I can see here 4.4.78-smp (built with 4.4.75 config) itself doesn't help, LO Writer still crashes...
|
bormant --
That's too bad, but thanks for the testing and feedback ! EDIT: Sorry, I've got 'autologin' set for lwn.net and I didn't realize the following link is 'subscriber only content'. I'll leave the link ... it will be freely available on Thursday, July 27 ... There seems to be more than a bit of discussion about Rethinking the Stack Clash fix. Maybe the next set of kernels will finally fix it ... -- kjh |
:twocents: This seems related, if not, please ignore.
https://help.libreoffice.org/Common/Start_Parameters |
Good news here.
Given: Code:
$ ( cd /var/log/packages ; ls -1 libreoffice* jre* ) Code:
stack_guard_gap=6 2. kernel 4.4.78-smp i686 -- LibreOffice doesn't crash. PS. To add kernel parameter "stack_guard_gap=6" for LILO: add it to "append" line of /etc/lilo.conf: Code:
... Code:
# lilo PPS. New default for stack_guard_gap is 256 pages. 1 page is an old vulnerable default increased to avoid stack clash. So bigger value is safer (better). Find if it can be increased. |
Thank you bormant !
Nice detective work and testing !! Found a reference to stack_guard_gap in /usr/src/linux-4.4.75/Documentation/kernel-parameters.txt And an online reference here: http://www.infradead.org/~mchehab/ke...arameters.html -- kjh |
Greetings,
Using my test machine, I reinstalled the 4.4.75 kernel and verified that LibreOffice Base still crashes. I then tried Alien Bob's suggestion along with Paulo2's link to the LibreOffice Start Parameters dialog, to add "-Xss1280k" to the LibreOffice Java start parameters. That did not work, even when I tried "-Xss2m". So, I then tried bormant's suggestion to add "stack_guard_gap=6" to the lilo.conf "append" string. That worked! Base no longer crashes when I log in to Mariadb. Thanks to everyone for the help and especially to bormant. Now I can return to installing the kernel security updates and make my machines more secure. Girvin Herr |
Problem with the 4.4.75 kernel security upgrade dated 26 June 2017 (SSE 2017-177-01)
I reported on the Linux - Software forum that Base/Macro is crashing on my Ubuntu 16.04.3 32-bit system and was directed here by ljb643. Can anyone tell me where I might find more current information, and hopefully a solution to this problem for my system?
|
All times are GMT -5. The time now is 11:15 AM. |