Re: [SECURITY] [DSA 4187-1] linux security update
On Thu, 03 May 2018 01:44:06 +0100
Ben Hutchings <benh@debian.org> wrote:
> > There are multiple reports on #ganeti that this update breaks
> > networking in certain circumstances, probably multiple tun/tap
> > device configurations. No more details or a proper bug report yet
> > as I haven't experienced this myself, but mentioning in case it
> > saves anyone else breakage.[...]
>
> I believe I understand this. Creating a tun/tap device using a name
> pattern such as "tun%d" (or empty name) will now fail if the number
> substituted is not 0. There is an upstream fix for this that I failed
> to spot in time.
There is also a big increase in time before random is initialized:
[ 182.811840] random: crng init done
This is a machine on bare metal. On other environments like proxmox I've
seen:
[ 303.993638] random: crng init done
Downgrading to the previous kernel resolves the problem (normally a few
seconds). One of the consequences is that openntpd (or a program like
rdate) hangs until the crng is initialized.
R.
--
richard lucassen
http://contact.xaq.nl/