[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SECURITY] [DSA 4187-1] linux security update

On Thu, 03 May 2018 01:44:06 +0100
Ben Hutchings <benh@debian.org> wrote:

> > There are multiple reports on #ganeti that this update breaks
> > networking in certain circumstances, probably multiple tun/tap
> > device configurations. No more details or a proper bug report yet
> > as I haven't experienced this myself, but mentioning in case it
> > saves anyone else breakage.[...]
> 
> I believe I understand this. Creating a tun/tap device using a name
> pattern such as "tun%d" (or empty name) will now fail if the number
> substituted is not 0.  There is an upstream fix for this that I failed
> to spot in time.

There is also an big increase in time before random is initialized:

[  182.811840] random: crng init done

This is a machine on bare metal. On other environments like proxmox I've
seen:

[  303.993638] random: crng init done

Downgrading to the previous kernel resolves the problem (normally a few
seconds). One of the consequences is that openntpd (or a program like
rdate) hangs until the crng is initialized.

R.
-- 
richard lucassen
http://contact.xaq.nl/
Reply to: