1. Forum
  2. Usenet
  3. LINUX.DEBIAN.USER

  • Re: Bookworm and its kernel: any updates coming?

    From Michael =?utf-8?B?S2rDtnJsaW5n?=@21:1/5 to All on Mon Jun 3 16:20:01 2024
    On 3 Jun 2024 08:40 -0500, from [email protected] (Tom Browder):
    I keep getting emails concerning the serious kernel vulnerability in
    kernels 5.14 through 6.6.

    I have not seen any updates and uname -a shows: 6.1.0-13-amd64

    Something's broken on your end.

    Bookworm is currently at ABI 6.1.0-21 / kernel 6.1.90-1 since May 6
    [1]. Bookworm Backports seems to have a 6.7.12 kernel.

    https://packages.debian.org/bookworm/linux-image-amd64

    https://tracker.debian.org/news/1527641/accepted-linux-signed-amd64-61901-source-into-stable-security/

    IIRC (but without having checked) 6.1.0-13 was around the kernel data corruption bug incident. Check your apt pins to ensure that you're not
    blocking too much.

    --
    Michael Kjörling 🔗 https://michael.kjorling.se “Remember when, on the Internet, nobody cared that you were a dog?”

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Michael =?utf-8?B?S2rDtnJsaW5n?=@21:1/5 to All on Mon Jun 3 18:20:01 2024
    On 3 Jun 2024 09:51 -0500, from [email protected] (Tom Browder):
    But another remote host seems to have the same problem. Each host comes
    from a different provider and had slightly different default pinnings in '/etc/apt/sources.list'.

    I'll double-check my pinnings.

    Try: apt-cache policy linux-image-amd64

    Here's the output of that from my system, only slightly anonymized,
    for comparison:

    linux-image-amd64:
    Installed: 6.1.90-1
    Candidate: 6.1.90-1
    Version table:
    *** 6.1.90-1 500
    500 http://security.debian.org bookworm-security/main amd64 Packages
    100 /var/lib/dpkg/status
    6.1.76-1 500
    500 https://mirror.debian.example/debian bookworm/main amd64 Packages
    6.1.67-1 500
    500 https://mirror.debian.example/debian bookworm-updates/main amd64 Packages

    I also double-checked, and 6.1.0-13 is indeed the ABI version
    immediately preceding the kernel bugs incident. The kernels affected
    by that in mainline Debian were 6.1.0-14/6.1.64* and 6.1.0-15/6.1.66*;
    the latter by unrelated bug #1057967 which may or may not affect you.
    This further reinforces my belief that the problem is likely to be an
    errant apt pin meant to exclude those kernels from being installed accidentally, and which ended up matching too much. (The other obvious possibility would be that the mirror you're using stopped updating
    around that time, but frankly that seems less likely, especially if
    you are seeing the same behavior across two different hosting
    providers.)

    --
    Michael Kjörling 🔗 https://michael.kjorling.se “Remember when, on the Internet, nobody cared that you were a dog?”

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Michael =?utf-8?B?S2rDtnJsaW5n?=@21:1/5 to All on Mon Jun 3 18:40:01 2024
    On 3 Jun 2024 11:29 -0500, from [email protected] (Tom Browder):
    Thanks for your concern and help.

    You're welcome. Glad you got it sorted.

    --
    Michael Kjörling 🔗 https://michael.kjorling.se “Remember when, on the Internet, nobody cared that you were a dog?”

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From [email protected]@21:1/5 to Tom Browder on Mon Jun 3 20:20:01 2024
    On 6/3/24 09:40, Tom Browder wrote:
    I keep getting emails concerning the serious kernel vulnerability in
    kernels 5.14 through 6.6.

    I have not seen any updates and uname -a shows: 6.1.0-13-amd64
    On 6/3/24 09:40, Tom Browder wrote:
    I keep getting emails concerning the serious kernel vulnerability in
    kernels 5.14 through 6.6.

    I have not seen any updates and uname -a shows: 6.1.0-13-amd64

    Anyone concerned?

    I have the same kernel, and no updates.

    eben@cerberus:~$ sudo apt-get update
    [sudo] password for eben:
    Hit:1 http://deb.debian.org/debian bookworm InRelease
    Hit:2 http://deb.debian.org/debian bookworm-updates InRelease
    Hit:3 http://deb.debian.org/debian bookworm-proposed-updates InRelease
    Hit:4 http://deb.debian.org/debian bookworm-backports InRelease
    Hit:5 http://deb.debian.org/debian-security bookworm-security InRelease
    Hit:6 https://deb.torproject.org/torproject.org bookworm InRelease
    Hit:7 https://www.deb-multimedia.org bookworm InRelease
    Reading package lists... Done

    eben@cerberus:~$ apt list --upgradable
    Listing... Done

    eben@cerberus:~$ apt-cache policy linux-image-amd64
    linux-image-amd64:
    Installed: (none)
    Candidate: 6.1.90-1
    Version table:
    6.7.12-1~bpo12+1 100
    100 http://deb.debian.org/debian bookworm-backports/main amd64 Packages
    6.1.90-1 500
    500 http://deb.debian.org/debian bookworm-proposed-updates/main
    amd64 Packages
    500 http://deb.debian.org/debian-security bookworm-security/main
    amd64 Packages
    6.1.76-1 500
    500 http://deb.debian.org/debian bookworm/main amd64 Packages
    6.1.67-1 500
    500 http://deb.debian.org/debian bookworm-updates/main amd64 Packages

    What am I doing wrong? Also, I'm not sure how to interpret the apt-cache output.


    --

    This message was created using recycled electrons.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Greg Wooledge@21:1/5 to [email protected] on Mon Jun 3 21:10:02 2024
    On Mon, Jun 03, 2024 at 02:18:40PM -0400, [email protected] wrote:
    eben@cerberus:~$ apt-cache policy linux-image-amd64
    linux-image-amd64:
    Installed: (none)
    Candidate: 6.1.90-1

    What am I doing wrong?

    You haven't installed the linux-image-amd64 metapackage, which means
    you will not be offered new kernel versions automatically. This isn't technically "wrong", but it's not (or should not be) a common choice.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From [email protected]@21:1/5 to Greg Wooledge on Mon Jun 3 23:00:01 2024
    On 6/3/24 15:06, Greg Wooledge wrote:
    On Mon, Jun 03, 2024 at 02:18:40PM -0400, [email protected] wrote:
    eben@cerberus:~$ apt-cache policy linux-image-amd64
    linux-image-amd64:
    Installed: (none)
    Candidate: 6.1.90-1

    What am I doing wrong?

    You haven't installed the linux-image-amd64 metapackage, which means
    you will not be offered new kernel versions automatically. This isn't technically "wrong", but it's not (or should not be) a common choice.

    eben@cerberus:~$ apt-cache policy linux-image-amd64
    linux-image-amd64:
    Installed: 6.1.90-1
    Candidate: 6.1.90-1

    Excellent, thank you.

    Also, if you happen to have a bit of a post selected in Tbird when you hit "Reply List", it starts your reply with just that piece. That's a
    reasonable action, I guess, just not what I expected.

    --
    LEO: Now is not a good time to photocopy your butt and staple it
    to your boss' face, oh no. Eat a bucket of tuna-flavored pudding
    and wash it down with a gallon of strawberry Quik. -- Weird Al

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)