[Cucumber-linux-security] linux (security update is available)
A general purpose desktop and server Linux distribution.
Brought to you by:
z5t1
From: Scott C. <sc...@cu...> - 2018-01-06 15:50:42
|
Update Information A security update is available for linux for the following versions of Cucumber Linux: * 1.0 * 1.1 Beta Here are the details from the Cucumber 1.0 changelog: +----------------+ Fri Jan 5 21:28:05 EST 2018 base/linux upgraded from 4.9.74 to 4.9.75 to fix the Meltdown security vulnerability (CVE-2017-5754), a hardware vulnerability affecting almost all Intel processors made after 1995 that allows for any process to access the memory of any other process or the kernel. For more information see: http://security.cucumberlinux.com/security/details.php?id=200 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5754 https://meltdownattack.com/ https://www.youtube.com/watch?v=I5mRwzVvFGE * SECURITY FIX * +----------------+ WARNING: THIS UPDATE IS KNOWN TO BREAK CERTAIN SYSTEMS Due to the fact this this update makes a larger change to the Linux kernel than most other kernel updates, this update has greater than usual chance of breaking your system. This kernel update is known to cause issues in the following environments: * Running inside an x86_64 KVM virtual machine on a RedHat/Centos 6 hypervisor. If you experience issues with this kernel in a specific setup, reboot and use your fallback kernel to until the issue can be resolved. If you experience an issue with a setup that is not listed above, please send an email to sc...@cu... detailing your setup to we can add it to this list. We apologize for this inconvenience; however, there is little anyone can do about it since this vulnerability is extremely severe and requires a massive change to the kernel to mitigate. This Analysis is Still Ongoing Updates to our analysis can be found at http://security.cucumberlinux.com/security/details.php?id=200. ------------------------------------------------------------------------ CLD and CVE Information This update is associated with the following Cucumber Linux Deficiency (CLD) and CVE numbers: * CLD-200 [CVE-2017-5754] (http://security.cucumberlinux.com/security/details.php?id=200) More information about these CLDs can be found at their respective pages on the Cucumber Linux Security Advisory Tracker (these are the URLs in parenthesis above). ------------------------------------------------------------------------ Installing the Update The updated package can be installed via Pickle by running the following commands (as root): # pickle --update # pickle Make sure linux is selected on the update list, and then select Ok. Pickle will then install the updated package. If you prefer to download the updated package manually, it can be found on the mirror at http://mirror.cucumberlinux.com/cucumber/. ------------------------------------------------------------------------ The Cucumber Linux Security Team cuc...@li... <mailto:cuc...@li...> http://www.cucumberlinux.com/security.php |