Re: vulnerability in 8.6

Mon, 07 Nov 2016 10:53:28 -0800 

Hello Mike;

thanks for all help and I checked /boot

$ ls /boot/
config-3.16.0-4-amd64  grub  initrd.img-3.16.0-4-amd64
 System.map-3.16.0-4-amd64  vmlinuz-3.16.0-4-amd64

$ sudo update-grub
[sudo] password for x:
Generating grub configuration file ...
Found background image: /usr/share/images/desktop-base/desktop-grub.png
Found linux image: /boot/vmlinuz-3.16.0-4-amd64
Found initrd image: /boot/initrd.img-3.16.0-4-amd64
done


So, I'm shared below apt policy:

$ apt-cache policy linux-image-3.16.0-4-amd64
linux-image-3.16.0-4-amd64:
  Installed: 3.16.36-1+deb8u2
  Candidate: 3.16.36-1+deb8u2
  Version table:
 *** 3.16.36-1+deb8u2 0
        500 http://security.debian.org/ jessie/updates/main amd64 Packages
        100 /var/lib/dpkg/status
     3.16.36-1+deb8u1 0
        500 http://ftp.debian.org/debian/ jessie/main amd64 Packages
     3.16.7-ckt25-2 0
        500 http://ftp.debian.org/debian/ jessie-updates/main amd64 Packages


Regards,

Ozgur


2016-11-07 20:18 GMT+03:00 Mike Oliver <m...@mopmeat.net>:

> Can we confirm whether or not the kernel is already installed? Is the
> newest version in the kernel in /boot? It's unclear from what's been said
> if the system has even been rebooted into the updated kernel.
>
>
>
> On 11/07/2016 08:55 AM, Eduardo M KALINOWSKI wrote:
>
>> On Seg, 07 Nov 2016, Ozgur wrote:
>>
>>> I updated the Debian system and again exploit it successful.
>>>
>>
>> No, you didn't. (Well, kinda)
>>
>> $ uname -ar
>>> Linux x 3.16.0-4-amd64 #1 SMP Debian 3.16.36-1+deb8u1 (2016-09-03) x86_64
>>> GNU/Linux
>>>
>>
>> That's not the latest version, and specifically is not the one in which
>> that vulnerability was fixed. You should have version 3.16.36-1+deb8u2 .
>>
>> ~$ cat /etc/apt/sources.list
>>>
>>> deb http://security.debian.org/ jessie/updates main contrib
>>> deb-src http://security.debian.org/ jessie/updates main contrib
>>>
>>> deb http://ftp.debian.org/debian/ jessie-updates main contrib
>>> deb-src http://ftp.debian.org/debian/ jessie-updates main contrib
>>>
>>> deb http://ftp.debian.org/debian/ jessie main contrib
>>> deb-src http://ftp.debian.org/debian/ jessie main contrib
>>>
>>
>> Your sources seem correct, though. What does "apt-cache policy
>> linux-image-3.16.0-4-amd64" says?
>>
>>
>


-- 
Ozgur

Reply via email to