"Dirty Cow" kernel security upgrade

Posts: 11
bdp1
Joined: 29 Oct 2016
#1
On installing the"Dirty Cow" safe-upgrade with aptitude, the following occurred.

This was a recent AntiX16 full Jessie install with a few KDE libraries for Kwrite and Okular, but not the rest of the KDE suite.

On reboot everything still works, since I don't need the kernel modules involved.

The following is just for information only, in case it may help someone else.

---

Code: Select all

# aptitude safe-upgrade
The following packages will be upgraded: 
  linux-headers-4.4.10-antix.1-amd64-smp 
  linux-image-4.4.10-antix.1-amd64-smp 
2 packages upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 43.3 MB of archives. After unpacking 38.9 kB will be freed.
Do you want to continue? [Y/n/?] 
Get: 1 http://antix.daveserver.info/jessie/ jessie/main linux-headers-4.4.10-antix.1-amd64-smp amd64 4.4.10-antix.1-amd64-smp-1 [7,193 kB]
Get: 2 http://antix.daveserver.info/jessie/ jessie/main linux-image-4.4.10-antix.1-amd64-smp amd64 4.4.10-antix.1-amd64-smp-1 [36.1 MB]
Fetched 43.3 MB in 4min 34s (157 kB/s)                                          
(Reading database ... 140598 files and directories currently installed.)
Preparing to unpack .../linux-headers-4.4.10-antix.1-amd64-smp_4.4.10-antix.1-amd64-smp-1_amd64.deb ...
Unpacking linux-headers-4.4.10-antix.1-amd64-smp (4.4.10-antix.1-amd64-smp-1) over (4.4.10-antix.1-amd64-smp-1) ...
Preparing to unpack .../linux-image-4.4.10-antix.1-amd64-smp_4.4.10-antix.1-amd64-smp-1_amd64.deb ...
dkms: removing: broadcom-sta 6.30.223.271 (4.4.10-antix.1-amd64-smp) (x86_64)

-------- Uninstall Beginning --------
Module:  broadcom-sta
Version: 6.30.223.271
Kernel:  4.4.10-antix.1-amd64-smp (x86_64)
-------------------------------------

Status: Before uninstall, this module version was ACTIVE on this kernel.

wl.ko:
 - Uninstallation
   - Deleting from: /lib/modules/4.4.10-antix.1-amd64-smp/updates/dkms/
 - Original module
   - No original module was found for this module on this kernel.
   - Use the dkms install command to reinstall any previous module version.

depmod.....

Backing up initrd.img-4.4.10-antix.1-amd64-smp to /boot/initrd.img-4.4.10-antix.1-amd64-smp.old-dkms
Making new initrd.img-4.4.10-antix.1-amd64-smp
(If next boot fails, revert to initrd.img-4.4.10-antix.1-amd64-smp.old-dkms image)
update-initramfs....

DKMS: uninstall completed.

------------------------------
Deleting module version: 6.30.223.271
completely from the DKMS tree.
------------------------------
Done.
dkms: removing: virtualbox-guest 4.3.36 (4.4.10-antix.1-amd64-smp) (x86_64)

-------- Uninstall Beginning --------
Module:  virtualbox-guest
Version: 4.3.36
Kernel:  4.4.10-antix.1-amd64-smp (x86_64)
-------------------------------------

Status: Before uninstall, this module version was ACTIVE on this kernel.

vboxguest.ko:
 - Uninstallation
   - Deleting from: /lib/modules/4.4.10-antix.1-amd64-smp/updates/
 - Original module
   - No original module was found for this module on this kernel.
   - Use the dkms install command to reinstall any previous module version.

vboxsf.ko:
 - Uninstallation
   - Deleting from: /lib/modules/4.4.10-antix.1-amd64-smp/updates/
 - Original module
   - No original module was found for this module on this kernel.
   - Use the dkms install command to reinstall any previous module version.

vboxvideo.ko:
 - Uninstallation
   - Deleting from: /lib/modules/4.4.10-antix.1-amd64-smp/updates/
 - Original module
   - No original module was found for this module on this kernel.
   - Use the dkms install command to reinstall any previous module version.

depmod....

DKMS: uninstall completed.

------------------------------
Deleting module version: 4.3.36
completely from the DKMS tree.
------------------------------
Done.
Unpacking linux-image-4.4.10-antix.1-amd64-smp (4.4.10-antix.1-amd64-smp-1) over (4.4.10-antix.1-amd64-smp-1) ...
Setting up linux-headers-4.4.10-antix.1-amd64-smp (4.4.10-antix.1-amd64-smp-1) ...
Setting up linux-image-4.4.10-antix.1-amd64-smp (4.4.10-antix.1-amd64-smp-1) ...
Error! Bad return status for module build on kernel: 4.4.10-antix.1-amd64-smp (x86_64)
Consult /var/lib/dkms/ndiswrapper/1.59/build/make.log for more information.
update-initramfs: Generating /boot/initrd.img-4.4.10-antix.1-amd64-smp
W: Possible missing firmware /lib/firmware/rtl_nic/rtl8107e-2.fw for module r8169
W: Possible missing firmware /lib/firmware/rtl_nic/rtl8107e-1.fw for module r8169
W: Possible missing firmware /lib/firmware/rtl_nic/rtl8168h-2.fw for module r8169
W: Possible missing firmware /lib/firmware/rtl_nic/rtl8168h-1.fw for module r8169
Generating grub configuration file ...
Found background: /usr/share/wallpaper/back.jpg
Found background image: /usr/share/wallpaper/back.jpg
Found linux image: /boot/vmlinuz-4.4.10-antix.1-amd64-smp
Found initrd image: /boot/initrd.img-4.4.10-antix.1-amd64-smp
Found memtest86+ image: /memtest86+.bin
Found memtest86+ multiboot image: /memtest86+_multiboot.bin
Found Debian GNU/Linux (7.11) on /dev/sda3
done
                                         
Current status: 0 updates [-2].
Posts: 148
figosdev
Joined: 29 Jun 2017
#2
is this fixed in 16.2?

on refracta i managed to create a new iso with an updated kernel (back when refracta had an older one) in place of the vulnerable version. but for antix i simply dont recognise the relevant version changes-- even after a quick look at this thread.
anticapitalista
Posts: 5,959
Site Admin
Joined: 11 Sep 2007
#3
figosdev wrote:is this fixed in 16.2?
Of course, line 3

antix-16-2-berta-caceres-point-release-available-t7013.html