posted by
martyb
on Friday May 11 2018, @01:17AM
from the improved-security-plus-continued-impressive-uptime dept.
from the improved-security-plus-continued-impressive-uptime dept.
Softpedia reports
The patch addresses a total of nine security vulnerabilities
[...] All these flaws could [allow] local attackers to either crash the system or execute arbitrary code, bypass intended access restrictions to the connection tracking helpers list, as well as to inappropriately modify the system-wide operating system fingerprint list. Canonical urges all Ubuntu 16.04 LTS and Ubuntu 14.04 LTS users using the Canonical Livepatch to update their system immediately. A restart is not required when updating the kernel [using the] live patch.
This discussion has been archived.
No new comments can be posted.
Canonical Releases New Kernel Live Patch for Ubuntu 16.04 LTS & Ubuntu 14.04 LTS
|
Log In/Create an Account
| Top
| 8 comments
| Search Discussion
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(1)
(1)
(Score: 0) by Anonymous Coward on Friday May 11 2018, @01:25AM
I don't trust your phony baloney kernel livepatch nonsense. I'm going to restart the userland of my microkernel like RMS intended.
(Score: 2) by boltronics on Friday May 11 2018, @02:30AM (1 child)
That's old news. What about the kernel security issue that came out just a few days later?
https://lists.ubuntu.com/archives/ubuntu-security-announce/2018-May/004386.html [ubuntu.com]
"The fix for this problem requires modification of the interrupt descriptor
tables (IDT), and modification of the interrupt handlers. Livepatch is
unable to safely modify these areas, so upgrading to a corrected kernel
and rebooting is required to fix the problem."
So you've still got to reboot if you want to remain secure.
It's GNU/Linux dammit!
(Score: 1, Interesting) by Anonymous Coward on Friday May 11 2018, @02:43AM
Plus live patching doesn't completely negate the need to reboot. After a live patch, every call has added overhead to determine whether it is patched or not, which increases per live patch installed. Also, depending on the work it does, it can murder performance, cause instability, and increase attack surface area for escalation attacks. Only with a reboot do you get the fresh kernel.
(Score: 0) by Anonymous Coward on Friday May 11 2018, @04:31AM (1 child)
Debian. It's really that simple. Debian. I know you want to. Debian.
(Score: 0) by Anonymous Coward on Friday May 11 2018, @08:40AM
You do realize that is two persons names, right?
Okay.
Let's read what you wrote again...
(Score: 0) by Anonymous Coward on Friday May 11 2018, @05:48AM (1 child)
waiting for the M$ buyout
(Score: 1) by DECbot on Friday May 11 2018, @05:43PM
I always thought it was Red Hat who was going to be bought out, but you might be on to something. Ubuntu makes a better platform for a Microsoft to bolt its crapware onto for the point and click crowd and Ubuntu's server customer base is closer to Microsoft's target base. Likewise, there will be less nerd rage if Ubuntu is bought over Red Hat. Ubuntu is just another Debian derivative while Red Hat has the keys to RHEL and Fedora--which influences many derivatives as well as things like pulse and systemd. If Conacle is bought, nerd rage on the loss of the easy intro to Linux desktop distribution. If Red Hat is bought, then core Linux is tainted. (Okay, technically no, but the world would be on the brink of ending.)
cats~$ sudo chown -R us /home/base
(Score: 1) by hereweareagain on Friday May 11 2018, @03:51PM
This came out on May 2 and I had already updated my kernel, but thanks for the warning
--I'm willing to admit I just *might* be wrong... Are you?