[Mageia-sysadm] Updated kernels for the Mageia Servers...

Michael Scherer misc at zarb.org
Wed Dec 15 03:04:50 CET 2010 

Le mardi 14 décembre 2010 à 22:06 +0200, Thomas Backlund a écrit :
> Hi,
> 
> Since it probably will take some time before Mandriva releases their 
> next kernel security updates, I suggest to install the ones I have built 
> from current svn:
> 
> 
> So for 2010.1 hosts:
> > * Fri Dec 10 2010 Thomas Backlund <tmb at mandriva.org> 2.6.33.7-2.2mnb
> > o Thomas Backlund <tmb at mandriva.org>
> >     - vmscan: raise the bar to PAGEOUT_IO_SYNC stalls
> >       (Fixes "system goes unresponsive under memory pressure and lots of
> >        dirty/writeback pages" bug. (http://lkml.org/lkml/2010/4/4/86))
> >     - make kernel-source require diffutils as it uses both diff and cmp
> >       during build (mdv #61719)
> >     - econet: disallow NULL remote addr for sendmsg() (CVE-2010-3849)
> >     - econet: Add missing check for capable(CAP_NET_ADMIN) in SIOCSIFADDR
> >               operation (CVE-2010-3850)
> >     - econet: fix stack overflow if msg->msgiovlen is large (CVE-2010-3848)
> >     - do_exit(): make sure that we run with get_fs() == USER_DS (CVE-2010-4258)
> >     - af_unix: limit unix_tot_inflight and recursion level (CVE-2010-4249)(fixes unix socket OOM)
> 
> http://tmb.mine.nu/Mandriva/2010.1/
> http://tmb2.mine.nu/Mandriva/2010.1/
> 
> 
> And for 2010.0 hosts:
> > * Sat Dec 11 2010 Thomas Backlund <tmb at mandriva.org> 2.6.31.14-1.1mnb
> > o Thomas Backlund <tmb at mandriva.org>
> >     - fix local root exploit with 32bit compat mode on 64 bit kernels
> >       (CVE-2010-3301)
> >     - econet: fix stack overflow if msg->msgiovlen is large (CVE-2010-3848)
> >     - econet: disallow NULL remote addr for sendmsg() (CVE-2010-3849)
> >     - econet: Add missing check for capable(CAP_NET_ADMIN) in SIOCSIFADDR
> >               operation (CVE-2010-3850)
> >     - do_exit(): make sure that we run with get_fs() == USER_DS (CVE-2010-4258)
> >     - af_unix: limit unix_tot_inflight and recursion level (CVE-2010-4249)
> 
> http://tmb.mine.nu/Mandriva/2010.0/
> http://tmb2.mine.nu/Mandriva/2010.0/
> 
> 
> Any complaints / suggestions ?

Apart from the usual fear of rebooting a server located several
kilometers away, no problem for me. 

Could you do it ( if possible, one server after the other, starting with
ecosse/jonund ) ?

I have seen problem on reboot on my VM for alamut, as sympa will not
start if postgresql is not started, so it would be nice to use the DRAC

Dams, maat, do we remember the password and modus operendi :) 
-- 
Michael Scherer

More information about the Mageia-sysadm mailing list