[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: vulnerability in 8.6

Hello Mike;

thanks for all help and I checked /boot

$ ls /boot/
config-3.16.0-4-amd64  grub  initrd.img-3.16.0-4-amd64  System.map-3.16.0-4-amd64  vmlinuz-3.16.0-4-amd64

$ sudo update-grub
[sudo] password for x: 
Generating grub configuration file ...
Found background image: /usr/share/images/desktop-base/desktop-grub.png
Found linux image: /boot/vmlinuz-3.16.0-4-amd64
Found initrd image: /boot/initrd.img-3.16.0-4-amd64
done


So, I'm shared below apt policy:

$ apt-cache policy linux-image-3.16.0-4-amd64
linux-image-3.16.0-4-amd64:
  Installed: 3.16.36-1+deb8u2
  Candidate: 3.16.36-1+deb8u2
  Version table:
 *** 3.16.36-1+deb8u2 0
        500 http://security.debian.org/ jessie/updates/main amd64 Packages
        100 /var/lib/dpkg/status
     3.16.36-1+deb8u1 0
        500 http://ftp.debian.org/debian/ jessie/main amd64 Packages
     3.16.7-ckt25-2 0
        500 http://ftp.debian.org/debian/ jessie-updates/main amd64 Packages


Regards,

Ozgur


2016-11-07 20:18 GMT+03:00 Mike Oliver <mike@mopmeat.net>:
Can we confirm whether or not the kernel is already installed? Is the newest version in the kernel in /boot? It's unclear from what's been said if the system has even been rebooted into the updated kernel.



On 11/07/2016 08:55 AM, Eduardo M KALINOWSKI wrote:
On Seg, 07 Nov 2016, Ozgur wrote:
I updated the Debian system and again exploit it successful.

No, you didn't. (Well, kinda)

$ uname -ar
Linux x 3.16.0-4-amd64 #1 SMP Debian 3.16.36-1+deb8u1 (2016-09-03) x86_64
GNU/Linux

That's not the latest version, and specifically is not the one in which that vulnerability was fixed. You should have version 3.16.36-1+deb8u2 .

~$ cat /etc/apt/sources.list

deb http://security.debian.org/ jessie/updates main contrib
deb-src http://security.debian.org/ jessie/updates main contrib

deb http://ftp.debian.org/debian/ jessie-updates main contrib
deb-src http://ftp.debian.org/debian/ jessie-updates main contrib

deb http://ftp.debian.org/debian/ jessie main contrib
deb-src http://ftp.debian.org/debian/ jessie main contrib

Your sources seem correct, though. What does "apt-cache policy linux-image-3.16.0-4-amd64" says?





--
Ozgur
Reply to: