Vulnerability in the Linux kernel... when 7.0.1?
*when Trisquel 7.0.1?
Ciao BSOD!
Indeed the kernel for Buguntu 14.04 LTS and all the derivatives using that kernel (like Trisquel 7) must upgrade to linux-image-3.13.0-68 (3.13.0-68.111).
uname -a will give you the output of what kernel is currently running on your OS. I guess the developers already pushed the updated kernel. If not, I would suggest you install the latest jxself's libre kernel 4.3
BSOD: A possible workaround is to use the latest kernel: https://jxself.org/linux-libre/
There's no need for a "workaround". Trisquel is up-to-date here.
OK, but all the people who download the ISO and boot Trisquel live have this vulnerability, and not only this.
Do you have any idea how often security vulnerabilities are discovered and fixed? It would be terribly impractical to release a new live ISO every time this happens, and no distro does this (edit: except distros that are designed to always be run from a live CD, and never installed, like Tails). New ISOs are either released when a new major version of the system is released, or in regular intervals of something like 6 months or a year. In the latter case, the purpose isn't to patch security vulnerabilities, it's to reduce the amount of time a new user has to spend installing updates, or in some cases to provide newer kernels so that the system can more easily be installed on newer hardware.
Making sure the system is up-to-date is why Ubiquity offers the option to download updates while installing. But even if the user chooses not to do this, the danger is minimal as long as updates are installed before too long.
In any case, I think it is a perfect time to release a new version of the Trisquel ISO, because it has not been updated for 1.5 years already... With such rare update frequency, head Trisquel developers might simply forget how to build a Trisquel ISO when such a need arises in the future.
> it has not been updated for 1.5 years already
Trisquel 7 was released on 11/03/2014
> With such rare update frequency, head Trisquel developers might simply forget how to build a Trisquel ISO
What an astonishingly low opinion of the Trisquel developers' memory capacity...
^ lol Onpon
I didn't even read that part :)
No problem here, cuz the GNU update system is not like the fully bloated "Windows Bugdate". In GNU you can update easily and very, very fast.
Hmm, don't you need to reboot in order for the kernel to get actually upgraded or am I wrong?
For kernel updates you must reboot.
But I read something about live patching:
http://www.zdnet.com/article/no-reboot-patching-comes-to-linux-4-0/
http://www.eweek.com/enterprise-apps/linux-4.0-goes-live-with-live-kernel-patching.html
Well, that doesn't apply to Trisquel 7 live. So, yeah, as BSOD pointed out, it is vulnerable.
What about the updates that can be done during the installation? Is it something different?
During installation, you can choose if updates are downloaded if you have an Internet connection, but they will never be installed automatically. When you boot the installed system for the first time, it will prompt you to install the updates directly, which will require a reboot since the kernel is almost always updated after the release.
I see, thanks for the clarification.
I don't understand Italian, so it makes that vulnerability even scarier.
What does it say about that vulnerability?
What I'm barely deciphering is that it allows a DDOS attack from KVM, and that Canonical released a patch.
What does it say about the LiveCD?
Does that mean that jxself's upgrade is good enough?
What about the reboot, how would that be a problem?
You mean the article the OP linked to? It references this article which is in English:
So, it's a vulnerability that makes it possible for someone to crash your system. Not especially dangerous for typical desktop users.
I see, thanks.
Wait, is that a vulnerability that allows an attacker on KVM ON THE SAME MACHINE to launch a DOS attack?
That would be troublesome IF the machine is stolen, and not encrypted of course. Otherwise, it doesn't seem like a threat at all.
That might be another quick conclusion from me, but from what I gather, it's not a dangerous vulnerability.
I guess there might be a way to implement such an attack against a fresh install, but regarding the necessary and unlikely conditions for the attack to happen, this can't seriously be considered a threat.
There's really no need to analyze the danger of it. It's fixed. Trisquel is up-to-date. (This was already the case when this topic was started.)
Not that I'm worried or anything (my line on the Italian language above is not to be taken seriously), especially if my analysis is correct: I just find this interesting. But since it's already fixed, it's even better.