How do I get a warm fuzzy feeling about kernel upgrade?

To: debian-user@lists.debian.org
Subject: How do I get a warm fuzzy feeling about kernel upgrade?
From: jse@xmission.com
Date: Sat, 6 Dec 2003 08:58:03 -0700
Message-id: <[🔎] 1070726283.3fd1fc8be8c97@webmail.xmission.com>

     
I have reaffirmed that I'm clueless this morning.  I found this security    
bulletin:    
http://lists.debian.org/debian-security-announce/debian-security-announce-2003/msg00212.html    
this morning.  This worried me since I just installed debian last week on    
a server directly connected to the internet.  I'm confused because it says    
in the text that the update is "version 2.4.18-14 of the i386 kernel   
images" but in the list of upgraded packages all of them seem to have just  
a -12, for example:        
http://security.debian.org/pool/updates/main/k/kernel-image-2.4.18-1-i386/kernel-image-2.4.18-1-k7_2.4.18-12_i386.deb  
This completely confused me.  I ran the "apt-get update; apt-get upgrade"  
but all it update was "rsync".  The highest packages listed in dselect are  
2.4.18-12.  
  
So I looked back through the e-mails from earlier this week to see if I  
could find some more information and found an e-mail from bob@proulx.com  
(Bob Proulx) that said:  
  
> The installer bootstraps the system with a bootstrapping kernel which  
> is not installed with the package manager.  You need a system running  
> before you can run applications like the package manager.  And you  
> need the package manager before you can install packages.  A chicken  
> or the egg problem.  So the initial kernel is not known by the package  
> manager.  
>  
> This means that the initial kernel will never be offered to users as  
> an upgrade even if security updates exist for it such as the 2.4.18  
> kernel.  APT does not know it is there.  The fact that the initial  
> installer leaves the system without a kernel installed by the package  
> manager is a disservice.  It would be better if the initial installer  
> installed the same kernel again overwriting the bootstrapping kernel  
> using the package manager so that it is now known and updates would be  
> offered and it could then also be removed in the future.  
  
Now I feel really stupid!  I've been installing debian for several years  
and I had no idea that the kernel was never getting updated.  I have  
installed the 2.4.18-12 kernel now, but I have no idea of this is correct.   
I did a "strings" on the new vzimage and found "2.4.18-1-k7 
(herbert@gondolin) #3 Sat Nov 29 10:23:13 EST 2003" which is strange 
because the date on the file itself is Nov 28 16:42.  Is there a 2.4.18-14 
kernel that I need?  If so what do I have to do to install it?   
  
Are there md5sums somewhere of the vzimages that I could check to verify 
that I have the correct kernel running? 
 
Thanks 
  -Scott

Reply to:

Follow-Ups:
- Re: How do I get a warm fuzzy feeling about kernel upgrade?
  - From: Kevin Buhr <buhr@telus.net>

Prev by Date: Re: bcm4400 source for nic .deb file
Next by Date: Re: Linux Kernel Security - Can it ever be 100%
Previous by thread: Re: bcm4400 source for nic .deb file
Next by thread: Re: How do I get a warm fuzzy feeling about kernel upgrade?
Index(es):
- Date
- Thread