True. I also forgot about that, as I'm fortunate enough to be using an old laptop that doesn't need proprietary drivers.
Methinks I will post a guide to compiling custom kernels for 13.37.
Edit: N/M there are probably a million guides for doing so on the internet.
CVE 2013-1763 - Linux Kernel local root exploit
Re: CVE 2013-1763 - Linux Kernel local root exploit
There is also a page in our wiki: http://www.salixos.org/wiki/index.php/H ... ile_kernel
Re: CVE 2013-1763 - Linux Kernel local root exploit
As you have probably all realised by now Pat did indeed provide updated kernels (this is the announcement): Slackware 13.37 - 2.6.37.6-3, Slackware64 13.37 - 2.6.37.6-3, Slackware 14.0 - 3.2.45 and Slackware64-14.0 - 3.2.45. Be aware however that some people with certain Intel hardware have had problems with the 3.2.45 kernel on Slackware 14.
Towards the end of the thread Ponce provides a 3.2.45 kernel with the problematic patch removed. Your other options are skip the upgrade or do what I did and take the 3.8.13 kernel from -current.
EDIT: Or as suggested above, compile your own.
Towards the end of the thread Ponce provides a 3.2.45 kernel with the problematic patch removed. Your other options are skip the upgrade or do what I did and take the 3.8.13 kernel from -current.
EDIT: Or as suggested above, compile your own.
Re: CVE 2013-1763 - Linux Kernel local root exploit
For people with intel graphics card that go black after an upgrade, adding this to the lilo entry for the kernel should help:
Code: Select all
addappend = " video=SVIDEO-1:d"
Re: CVE 2013-1763 - Linux Kernel local root exploit
Thanks gapan. I was not aware of that option. Though in my case the problem was not a black screen on boot but rather X freezing shortly after it started.
Re: CVE 2013-1763 - Linux Kernel local root exploit
Should there be a space after the first "? Or doesn't it matter?
Re: CVE 2013-1763 - Linux Kernel local root exploit
I'm not really sure. I always add it out of habit.mimosa wrote:Should there be a space after the first "? Or doesn't it matter?
Re: CVE 2013-1763 - Linux Kernel local root exploit
Pat has updated the 14.0 3.2.45 packages. Reports are that they work for those having issues before. I must admit I have not tried yet. The kernel from current is working nicely for me so I will probably stick with it.
Re: CVE 2013-1763 - Linux Kernel local root exploit
thanks gapan for yur answer . the update fix the issue . no matter what we'll never be safe . bad people everywhere .
The Linux philosophy is 'Laugh in the face of danger'. Oops. Wrong One. 'Do it yourself'. Yes, that's it.
Re: CVE 2013-1763 - Linux Kernel local root exploit
I upgraded to the new kernel on my Dell laptop with these specs:
It booted into x and the desktop ok, but then completely locked up. I could move the mouse pointer, but no response to clicks or keyboard entries. I reverted back to the old kernel.
Code: Select all
root[rich]# inxi -C -G
CPU: Dual core Intel Core i3-2330M CPU (-HT-MCP-) cache: 3072 KB flags: (lm nx sse sse2 sse3 sse4_1 sse4_2 ssse3 vmx)
Clock Speeds: 1: 800.00 MHz 2: 800.00 MHz 3: 800.00 MHz 4: 800.00 MHz
Graphics: Card: Intel 2nd Generation Core Processor Family Integrated Graphics Controller
X.org: 1.12.4 drivers: intel (unloaded: vesa) tty size: 133x38 Advanced Data: N/A for root
“Don’t you see that the whole aim of Newspeak is to narrow the range of thought?"