How to check kernel "livepatch" version?

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

How to check kernel "livepatch" version?

Daniel Howard
Hello,

Regarding LSN-0037-1, posted to ubuntu-security last week: how does one verify that they are running a properly patched kernel? All of my apt-based tools refer to the kernel version as, for example, 4.4.0.121.127, but the security announcement refers to a "livepatch version" ... which appears to be a commercial subscription service.

If I am not a livepatch subscriber, what kernel version should I be running to be safe against the vulnerabilities disclosed in LSN-0037-1?

Thanks,
-danny


The problem can be corrected by updating your livepatches to the following
versions:

| Kernel          | Version  | flavors                  |
|-----------------+----------+--------------------------|
| 4.4.0-116.140   | 37.2     | generic, lowlatency      |
| 4.4.0-119.143   | 37.2     | generic, lowlatency      |
| 4.4.0-121.145   | 37.2     | generic, lowlatency      |
| 4.4.0-122.146   | 37.2     | generic, lowlatency      |
| 4.4.0-116.140~14.04.1 | 37.2     | generic, lowlatency      |
| 4.4.0-119.143~14.04.1 | 37.2     | generic, lowlatency      |
| 4.4.0-121.145~14.04.1 | 37.2     | generic, lowlatency      |

Additionally, you should install an updated kernel with these fixes and
reboot at your convienience.


 
--
Ceci n'est pas une signature.


--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|

Re: How to check kernel "livepatch" version?

Colin Watson
On Mon, May 07, 2018 at 01:05:52PM -0700, Daniel Howard wrote:
> Regarding LSN-0037-1, posted to ubuntu-security last week: how does one
> verify that they are running a properly patched kernel? All of my apt-based
> tools refer to the kernel version as, for example, 4.4.0.121.127, but the
> security announcement refers to a "livepatch version" ... which appears to
> be a commercial subscription service.

Yes, although it's free-as-in-beer for personal use for up to three
machines.

  https://www.ubuntu.com/server/livepatch

If installed, "canonical-livepatch status" shows the livepatch version
among its output.

> If I am not a livepatch subscriber, what kernel version should I be running
> to be safe against the vulnerabilities disclosed in LSN-0037-1?

I *think* non-livepatch fixes for these are still in progress
(4.4.0-123.147, possibly), but I'm not a kernel developer so I could
well be very wrong.  My main point in sending this message was to
provide information on the status command.

--
Colin Watson                                       [[hidden email]]

--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users