Siduction Forum

Siduction Forum => Upgrade Warnings => Topic started by: devil on 2016/01/19, 21:54:49

Title: Kernel Vulnerability
Post by: devil on 2016/01/19, 21:54:49
A kernel vunerability that existed since kernel 3.8 from 2012 was disclosed today. As I write this, towo is patching our kernel.


EN: http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/


DE: https://www.computerbase.de/2016-01/linux-bug-lokale-rechteausweitung-im-kernel-publiziert/


Please update your kernel.


greetz
devil
Title: Re: Kernel Vulnerability
Post by: DeepDayze on 2016/01/24, 03:56:05
Which version has the patch so that I can make sure I have it  8)
Title: Re: Kernel Vulnerability
Post by: musca on 2016/01/24, 06:21:44
Hello DeepDayze,

 root@sidbox:~# zgrep CVE-2016-0728 /usr/share/doc/linux-image-4.4.0-towo.2-siduction-amd64/changelog.Debian.gz 
  * add KEYS-Fix-keyring-ref-leak-in-join_session_keyring.patch CVE-2016-0728
So you need at least linux-image-4.4.0-towo.2-siduction-amd64.

Or just make sure you do:
Code: [Select]
apt-get update && apt-get dist-upgrade linux-image-siduction-amd64+ linux-headers-siduction-amd64+
greetings
musca

Title: Re: Kernel Vulnerability
Post by: mrsarmitage on 2016/01/24, 11:17:46
Holen des Kernels mit apt-get:

: Failed to fetch http://debian.mirror.lrz.de/debian/dists/unstable/main/binary-amd64/Packages  Writing more data than expected (10714614 > 10714528) [IP: 131.246.123.4 80]
W: Failed to fetch http://ftp.halifax.rwth-aachen.de/debian/dists/unstable/main/binary-i386/Packages.xz  Hash-Summe stimmt nicht überein
W: Failed to fetch http://ftp.halifax.rwth-aachen.de/debian/dists/unstable/main/i18n/Translation-de.bz2  Hash-Summe stimmt nicht überein
E: Einige Indexdateien konnten nicht heruntergeladen werden. Sie wurden ignoriert oder alte an ihrer Stelle benutzt.

Title: Re: Kernel Vulnerability
Post by: devil on 2016/01/24, 13:57:30
Der Kernel liegt aber nicht auf einem Debian-Mirror. Einfach später nochmal versuchen.


greetz
devil