UbuntuのKernelって「apt-get dist-upgrade」であがると思ってたら。。。
@だんなさんの御指摘通り、上がらなくなってる??
3.13系から3.16系へはダメなのかなぁ。
Linuxカーネルに複数の脆弱性が発見
http://news.mynavi.jp/news/2014/12/19/333/
CVE-2014-9090
さて、現状確認
# uname -r 3.13.0-43-generic # apt-get update # apt-get upgrade Reading package lists... Done Building dependency tree Reading state information... Done Calculating upgrade... Done 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
ないのよね。。。
ちなみに、
# apt-get changelog linux-image-3.13.0-43-generic linux (3.13.0-43.72) trusty; urgency=low [ Luis Henriques ] * Release Tracking Bug - LP: #1400408 [ Upstream Kernel Changes ] * x86_64, traps: Fix the espfix64 #DF fixup and rewrite it in C - LP: #1398795 - CVE-2014-9090 * x86_64, traps: Rework bad_iret - LP: #1398795 - CVE-2014-9090 * x86, kvm: Clear paravirt_enabled on KVM guests for espfix32's benefit - LP: #1400314 - CVE-2014-8134 -- Luis Henriques <luis.henriques@canonical.com> Mon, 08 Dec 2014 17:27:21 +0000
なので、このKernelでも修正は入っていました。
探してみる
# apt-cache search linux-image-3 linux-image-3.13.0-24-generic - Linux kernel image for version 3.13.0 on 64 bit x86 SMP linux-image-3.13.0-24-lowlatency - Linux kernel image for version 3.13.0 on 64 bit x86 SMP linux-image-3.4.0-3-goldfish - Linux kernel image for version 3.4.0 on Android touch emulation linux-image-3.13.0-27-generic - Linux kernel image for version 3.13.0 on 64 bit x86 SMP linux-image-3.13.0-27-lowlatency - Linux kernel image for version 3.13.0 on 64 bit x86 SMP linux-image-3.13.0-29-generic - Linux kernel image for version 3.13.0 on 64 bit x86 SMP linux-image-3.13.0-29-lowlatency - Linux kernel image for version 3.13.0 on 64 bit x86 SMP linux-image-3.13.0-30-generic - Linux kernel image for version 3.13.0 on 64 bit x86 SMP linux-image-3.13.0-30-lowlatency - Linux kernel image for version 3.13.0 on 64 bit x86 SMP linux-image-3.13.0-32-generic - Linux kernel image for version 3.13.0 on 64 bit x86 SMP linux-image-3.13.0-32-lowlatency - Linux kernel image for version 3.13.0 on 64 bit x86 SMP linux-image-3.13.0-33-generic - Linux kernel image for version 3.13.0 on 64 bit x86 SMP linux-image-3.13.0-33-lowlatency - Linux kernel image for version 3.13.0 on 64 bit x86 SMP linux-image-3.13.0-34-generic - Linux kernel image for version 3.13.0 on 64 bit x86 SMP linux-image-3.13.0-34-lowlatency - Linux kernel image for version 3.13.0 on 64 bit x86 SMP linux-image-3.13.0-35-generic - Linux kernel image for version 3.13.0 on 64 bit x86 SMP linux-image-3.13.0-35-lowlatency - Linux kernel image for version 3.13.0 on 64 bit x86 SMP linux-image-3.13.0-36-generic - Linux kernel image for version 3.13.0 on 64 bit x86 SMP linux-image-3.13.0-36-lowlatency - Linux kernel image for version 3.13.0 on 64 bit x86 SMP linux-image-3.13.0-37-generic - Linux kernel image for version 3.13.0 on 64 bit x86 SMP linux-image-3.13.0-37-lowlatency - Linux kernel image for version 3.13.0 on 64 bit x86 SMP linux-image-3.13.0-39-generic - Linux kernel image for version 3.13.0 on 64 bit x86 SMP linux-image-3.13.0-39-lowlatency - Linux kernel image for version 3.13.0 on 64 bit x86 SMP linux-image-3.13.0-40-generic - Linux kernel image for version 3.13.0 on 64 bit x86 SMP linux-image-3.13.0-40-lowlatency - Linux kernel image for version 3.13.0 on 64 bit x86 SMP linux-image-3.13.0-41-generic - Linux kernel image for version 3.13.0 on 64 bit x86 SMP linux-image-3.13.0-41-lowlatency - Linux kernel image for version 3.13.0 on 64 bit x86 SMP linux-image-3.13.0-43-generic - Linux kernel image for version 3.13.0 on 64 bit x86 SMP linux-image-3.13.0-43-lowlatency - Linux kernel image for version 3.13.0 on 64 bit x86 SMP linux-image-3.16.0-25-generic - Linux kernel image for version 3.16.0 on 64 bit x86 SMP linux-image-3.16.0-25-lowlatency - Linux kernel image for version 3.16.0 on 64 bit x86 SMP linux-image-3.16.0-26-generic - Linux kernel image for version 3.16.0 on 64 bit x86 SMP linux-image-3.16.0-26-lowlatency - Linux kernel image for version 3.16.0 on 64 bit x86 SMP linux-image-3.16.0-28-generic - Linux kernel image for version 3.16.0 on 64 bit x86 SMP linux-image-3.16.0-28-lowlatency - Linux kernel image for version 3.16.0 on 64 bit x86 SMP
3.16系があるやん。。。
ということで、バージョン指定してインストール
# apt-get install linux-image-3.16.0-28-generic linux-headers-3.16.0-28
で、あとは再起動すればOK。
詳細確認
# apt-cache show linux-image-3.16.0-28-generic Package: linux-image-3.16.0-28-generic Priority: optional Section: kernel Installed-Size: 43659 Maintainer: Ubuntu Kernel Team <kernel-team@lists.ubuntu.com> Architecture: amd64 Source: linux-lts-utopic Version: 3.16.0-28.38~14.04.1 Provides: fuse-module, ivtv-modules, kvm-api-4, linux-image, linux-image-3.0, redhat-cluster-modules Depends: initramfs-tools (>= 0.36ubuntu6), module-init-tools (>= 3.3-pre11-4ubuntu3) Pre-Depends: dpkg (>= 1.10.24) Recommends: grub-pc | grub-efi-amd64 | grub-efi-ia32 | grub | lilo (>= 19.1) Suggests: fdutils, linux-lts-utopic-tools, linux-headers-3.16.0-28-generic Conflicts: hotplug (<< 0.0.20040105-1) Filename: pool/main/l/linux-lts-utopic/linux-image-3.16.0-28-generic_3.16.0-28.38~14.04.1_amd64.deb Size: 16109106 MD5sum: af81bbb0aa599e0a400c0bbd5f1e9240 SHA1: ff13346245cf694a6d9d9eaeb599bf8fa6cb17fd SHA256: 5f3c6b5dd7209e55dda3365ab18fd6fcd5e25089ebf9f1d2ae4a5bc8cbd05a8d Description-en: Linux kernel image for version 3.16.0 on 64 bit x86 SMP This package contains the Linux kernel image for version 3.16.0 on 64 bit x86 SMP. . Also includes the corresponding System.map file, the modules built by the packager, and scripts that try to ensure that the system is not left in an unbootable state after an update. . Supports Generic processors. . Geared toward desktop and server systems. . You likely do not want to install this package directly. Instead, install the linux-generic meta-package, which will ensure that upgrades work correctly, and that supporting packages are also installed. Description-md5: 1e02f1d5baa368a8ac5875babbb3f358 Bugs: https://bugs.launchpad.net/ubuntu/+filebug Origin: Ubuntu Supported: 9m
どんな修正が入ってるのかは分からないようです。
あと、Changelogを見ておきましょ。
# apt-get changelog linux-image-3.16.0-28-generic linux-lts-utopic (3.16.0-28.38~14.04.1) trusty; urgency=low [ Brad Figg ] * Release Tracking Bug - LP: #1402125 [ Upstream Kernel Changes ] * net: skb_fclone_busy() needs to detect orphaned skb - LP: #1401079 -- Brad Figg <brad.figg@canonical.com> Sat, 13 Dec 2014 07:55:37 -0800 linux (3.16.0-28.37) utopic; urgency=low [ Luis Henriques ] * Release Tracking Bug - LP: #1400382 [ Upstream Kernel Changes ] * x86_64, traps: Fix the espfix64 #DF fixup and rewrite it in C - LP: #1398795 - CVE-2014-9090 * x86_64, traps: Rework bad_iret - LP: #1398795 - CVE-2014-9090 * x86, kvm: Clear paravirt_enabled on KVM guests for espfix32's benefit - LP: #1400314 - CVE-2014-8134 -- Luis Henriques <luis.henriques@canonical.com> Mon, 08 Dec 2014 16:18:29 +0000
ということで、修正入っています。
だんなさん有難う御座いました!!