RE: [SECURITY] [DSA 1503-1] New Linux kernel 2.4.27 packages fix several issues
My system is still up and running. So I suspect that for whatever
reason, going from ext2 -> ext3 seems to have fixed the issue.
Jase
> -----Original Message-----
> From: Desai, Jason [mailto:jase@sensis.com]
> Sent: Friday, February 29, 2008 5:48 PM
> To: Vladislav Kurz
> Cc: debian-security@lists.debian.org; debian-kernel@lists.debian.org
> Subject: RE: [SECURITY] [DSA 1503-1] New Linux kernel 2.4.27
> packages fix several issues
>
> Just to update anyone who cares, I moved the modules back and
> rebooted,
> and verified that the system would have on bootup. Then I converted
> from ext2 to ext3, and was able to boot just fine. I will let this
> system run over the weekend and see how it is on Monday.
>
> Jase
>
> > -----Original Message-----
> > From: Desai, Jason
> > Sent: Friday, February 29, 2008 12:23 PM
> > To: 'Vladislav Kurz'
> > Cc: 'debian-security@lists.debian.org';
> > 'debian-kernel@lists.debian.org'
> > Subject: RE: [SECURITY] [DSA 1503-1] New Linux kernel 2.4.27
> > packages fix several issues
> >
> > I have noticed very similar things with one of my boxes which
> > was upgraded to the latest 2.4.27 kernel. Sometimes, it
> > would even hang when running depmod from the modutils init
> > script when booting. I did some troubleshooting, and found
> > that the older kernel boots fine. Moving some modules out to
> > a different directory allowed the system to boot. But it
> > would eventually hang after a few hours, sometimes after only
> > minutes. Like you indicated - ping would work. But there
> > was nothing in the logs on the screen for me.
> >
> > I had other systems upgraded to this kernel too, and they
> > seem ok. Most use ext3. However one does use ext2, and so
> > far it has been ok. The system giving me problems is a VM
> > running inside of VMWare Server. I was thinking the issue
> > may have been with VMWare.
> >
> > I may consider trying to go to ext3 to see if that improves things.
> >
> > Jase
> >
> > > -----Original Message-----
> > > From: Vladislav Kurz [mailto:vladislav.kurz@webstep.net]
> > > Sent: Friday, February 29, 2008 11:06 AM
> > > To: debian-security@lists.debian.org
> > > Cc: debian-kernel@lists.debian.org
> > > Subject: Re: [SECURITY] [DSA 1503-1] New Linux kernel 2.4.27
> > > packages fix several issues
> > >
> > > Hello all,
> > >
> > > I wanted to file this through BTS but I'm not sure which
> > > package is the right
> > > place ot file kernel related bugs. Therefore I post here.
> > >
> > > It seems that last upgrade of kernel 2.4.27 is causing system
> > > crash and maybe
> > > even filesystem corruption at least with ext2 filesystem.
> > >
> > > Yesterday I have upgraded and rebooted couple of machines
> > > that still use
> > > kernel version 2.4.27, and one of them crashed after 5 and
> > half hours.
> > > It still responded to pings, maybe routing and firewalling as
> > > well, but SSH
> > > and other services were unavailable. This is the only machine
> > > still using
> > > ext2 filesystem.
> > >
> > > After rebooting i worked fine until I tried to access
> some parts of
> > > filesystem. I susected problems with hard disk but there were
> > > no messages on
> > > console (I expected I/O errors and such). Memory was fine as well.
> > > Checking filesystem with read-olny badblock scan "fsck -c
> > > /dev/hda2" reported
> > > everything OK. But at the moment I tried to copy (rsync, tar)
> > > the filesystem
> > > to new disk it crashed again. Copying the filesystem with dd
> > > was fine, but
> > > when i loop-mounted the image and tried to copy from there,
> > > system crashed
> > > again. So I ruled out hardware problems and tried to reboot
> > > with old kernel,
> > > and to my surprise I could read the "broken" filesystem
> > > without any problems.
> > >
> > > With old kernel I was able to rsync files to new hard drives,
> > > so the system is
> > > up and running now. (Using old kernel.) I can provide
> > > filesystem image
> > > of "broken" /usr partition for analysis.
> > >
> > > All my other servers running 2.4.27-4 kernels use ext3
> > > filesystems seem to be
> > > OK, but I'm quite afraid if it might happen on ext3 as well.
> > >
> > > These bugfixes seem to be the only ones that have to do
> > > something with
> > > ext2/ext3. Could someone look into this issue? I will try to
> > > be as heplful as
> > > possibe debugging this stuff.
> > >
> > > > CVE-2006-6053
> > > >
> > > > LMH reported a potential local DoS which could be
> > exploited by a
> > > > malicious user with the privileges to mount and read a
> > > corrupted ext3
> > > > filesystem.
> > > >
> > > > CVE-2006-6054
> > > >
> > > > LMH reported a potential local DoS which could be
> > exploited by a
> > > > malicious user with the privileges to mount and read a
> > > corrupted ext2
> > > > filesystem.
> > > >
> > >
> > > Anyway, big thanks to the security team for the work that thay do.
> > >
> > > --
> > > Regards
> > > Vladislav Kurz
> > >
> > >
> > > --
> > > To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
> > > with a subject of "unsubscribe". Trouble? Contact
> > > listmaster@lists.debian.org
> > >
> > >
> >
>
>
Reply to: