Re: Do I need to upgrade my kernel (kernel-image-2.4-k6)?



Robert S wrote:

> I am running Debian with kernel 2.4.27. I see that the kernel-source
> package is listed in the security vulnerabilities (DSA-1097). I do a
> weekly "apt-get update && apt-get upgrade" but have not been prompted to
> upgrade my kernel. I am using kernel-image-2.4-k6.
>
> Do I need to upgrade my kernel image and if so, what is the correct way of
> doing this?

Do you use stable or testing?

If you take a look at http://www.debian.org/security/2006/dsa-1097 you can
see that you need at least 2.4.27-10sarge3 for IA-32 architecture. When you
run

apt-cache policy kernel-image-2.4.27-2-k6

you should get something like this (not exactly, because I have here
testing):

kernel-image-2.4.27-2-k6:
  Installed: (none)
  Candidate: 2.4.27-12
  Version table:
     2.4.27-12 0
        300 http://debian.lcs.mit.edu unstable/main Packages
        700 http://debian.lcs.mit.edu testing/main Packages
     2.4.27-10sarge1 0
        500 http://security.debian.org sarge/updates/main Packages

Which means that if you have stable and security updates configured
properly, then you should have 2.4.27-10sarge1. Hmmm, so there is
apparently some problem with that system.

Nevertheless, the security report itself mentions the source of the patched
kernel as (on one line):

http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386\
/kernel-image-2.4.27-3-k6_2.4.27-10sarge3_i386.deb

If you download this package (with wget or curl -O prepended to the URL) you
can install it (as root) with

dpkg -i kernel-image-2.4.27-3-k6_2.4.27-10sarge3_i386.deb

I am Cc:-ing this to the security team and hopefully we'll get some reaction
from them about apparently broken apt-get lists.

Best,

Matěj

--
GPG Finger: 89EF 4BC6 288A BF43 1BAB 25C3 E09F EF25 D964 84AC
http://www.ceplovi.cz/matej/blog/, Jabber: ceplma@xxxxxxxxx
23 Marion St. #3, (617) 876-1259, ICQ 132822213

That distinction is reflected in the apocryphal remark made by a
French diplomat to his British counterpart: "This is all very
well in practice, but will it work in theory?".