Update securedrop kernels to 4.4.161+ #3838
Comments
Attempted a build of 4.4.159 kernel; unfortunately, it does not boot on a NUC. It hangs on a black screen right after grub. This is likely not a config issue, as there's a 2-line diff in the config from 4.4.144 to 4.4.159. I will wait for 4.4.160 to be released and see if I can reproduce, and debug if necessary.
It's an older model, a NUC5CPYH with a 2nd generation Intel core processor. It's curious, as it boots fine in a VM, and the config is very close to identical. I will be poking around at debugging this.
I've tested the newly-released kernel/patch version 4.4.161 this morning and it seems to be working quite well; we should consider upgrading the packages on apt-test once 0.10.0 is released.
grsecurity-3.1-4.4.162-201810302257.patch solves the issues I've been experiencing. Kernel images have been uploaded to apt-test, strings bump in #3913 and config is tracked here: freedomofpress/ansible-role-grsecurity-build#41
Description
SecureDrop instances are currently running 4.4.144 kernels.
L1TF and Spectre v4, as well as multiple local privilege escalation vulnerabilities (CVE-2018-0919 and CVE-2018-14634), were fixed after the release of those kernels. While the vulnerabilities above require local code execution to exploit, we should still upgrade the kernel packages.
User Stories
As a securedrop admin, I would like to have the latest kernel for my securedrop instance.