
Re: [SECURITY] [DSA 4187-1] linux security update



On Thu, May 03, 2018 at 10:53:00AM +0200, richard lucassen wrote:

> > > There are multiple reports on #ganeti that this update breaks
> > > networking in certain circumstances, probably multiple tun/tap
> > > device configurations. No more details or a proper bug report yet
> > > as I haven't experienced this myself, but mentioning in case it
> > > saves anyone else breakage.[...]
> > 
> > I believe I understand this. Creating a tun/tap device using a name
> > pattern such as "tun%d" (or empty name) will now fail if the number
> > substituted is not 0.  There is an upstream fix for this that I failed
> > to spot in time.
> 
> There is also a big increase in time before random is initialized:
> 
> [  182.811840] random: crng init done
> 
> This is a machine on bare metal. On other environments like proxmox I've
> seen:
> 
> [  303.993638] random: crng init done
> 
> Downgrading to the previous kernel resolves the problem (normally a few
> seconds). One of the consequences is that openntpd (or a program like
> rdate) hangs until the crng is initialized.

I'd think it's a fix for [1], [2] but it does not appear on the list of
CVEs fixed.

1. https://security-tracker.debian.org/tracker/CVE-2018-1108
2. https://bugs.chromium.org/p/project-zero/issues/detail?id=1559

