Re: Security update of etch did not update my Kernel. Still vulnerable. Why???
On Sun, 9 Mar 2008 13:08:00 -0400
Mitchell Laks <mlaks@post.harvard.edu> wrote:
> Hi,
>
> I am running a minimal install debian machine as a firewall and I
> would like to keep it secure and up to date.
>
> I included
>
> deb http://ftp.us.debian.org/debian/ etch main non-free
> deb http://security.debian.org etch/update main contrib
>
> as the entries in /etc/apt/sources.list
>
> and I run apt-get update and apt-get upgrade
>
>
> Now I notice that there was a Recent advisory about the linux kernel
>
> http://www.debian.org/security/2008/dsa-1494
>
> The vmsplice system call did not properly verify address arguments
> passed by user space processes, which allowed local attackers to
> overwrite arbitrary kernel memory, gaining root privileges
> (CVE-2008-0010, CVE-2008-0600).
>
> and the page references a fix at
>
> http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-486_2.6.18.dfsg.1-18etch1_i386.deb
>
> but why is my machine not running this new kernel?????
>
>
> I ran the update, and upgrade with apt????
>
> I still see that my kernel version is
>
> linux-image-2.6.18-3-486 and not linux-image-2.6.18-6-48.
>
> what did I do wrong? how to make sure all updates are done??????
>
> thanks,
>
> Mitchell
Try "apt-get update && apt-get dist-upgrade".
There have been a few version increment updates since 2.6.18-3, with
some packages needing new dependencies, etc, which the normal "apt-get
upgrade" would hold back, as well as the fact that kernel
2.6.18-6 would be seen as a new package (it can live happily
side-by-side with your current kernel, seeing it's viewed by
apt-get as a new package). dist-upgrade will pull in any new
dependencies and packages that you need.
Graham
Reply to: