[ubuntu-hardened] USN-1941-1 for 12.04 LTS: Linux kernel vulnerabilities
John Johansen
john.johansen at canonical.com
Sun Sep 8 13:13:39 UTC 2013
On 09/08/2013 05:40 AM, Daniel Curtis wrote:
>
> Hi John
>
> I don't use '-proposed' updates for months. Yes, I'm pretty
> sure that I didn't think about *.52 kernel version.
>
> What could be a reason for using *.53 kernel for a days, weeks
> without '-proposed' updates? If I remember correctly, kernel was
> updated via APT utility. I mean *.52 to *.53 version. I was surprised,
- A manual install via dpkg
- Having -proposed enabled
- Having another ppa enabled that is mirroring or building kernels based
off of what is in proposed instead of updates. One would hope it would
get a suffix to distinguish it but ...
- A bug with apt
I would look at my /etc/apt/sources.list and every source in
/etc/apt/sources.list.d/* and ensure proposed in not enabled some where
I would check my /var/log/apt/history.log(s) and verify when the .53
kernel was installed, from your previous mails that was on Friday
September 6, are there any other entries relating to this kernel
being installed. Apt should be keeping a log of what it installs.
> because there was not any notice on e.g. USN website. New kernel
> version (*.53) appeared after 'apt-get update/upgrade' command.
>
That is because the .53 kernel was not copied to the -security pocket
until Sept 6. USN notifications are only published after a new version
of a package is copied into the -security pocket
> Could it be a security issue or related to e.g. system compromise?
>
Not likely. It is much more likely to be a configuration error.
More information about the ubuntu-hardened
mailing list