2

I saw this security vulnerability on the Debian website: https://security-tracker.debian.org/tracker/CVE-2017-5754

stretch (security)  4.9.65-3+deb9u2 fixed

I tried to update it using:

sudo apt-get update && sudo apt-get upgrade

The output was:

Preparing to unpack .../linux-compiler-gcc-6-x86_4.9.65-3+deb9u2_amd64.deb ...
Unpacking linux-compiler-gcc-6-x86 (4.9.65-3+deb9u2) over (4.9.65-3+deb9u1) ...
Preparing to unpack .../linux-kbuild-4.9_4.9.65-3+deb9u2_amd64.deb ...
Unpacking linux-kbuild-4.9 (4.9.65-3+deb9u2) over (4.9.65-3+deb9u1) ...
Preparing to unpack .../linux-libc-dev_4.9.65-3+deb9u2_amd64.deb ...
Unpacking linux-libc-dev:amd64 (4.9.65-3+deb9u2) over (4.9.65-3+deb9u1) ...
Setting up linux-libc-dev:amd64 (4.9.65-3+deb9u2) ...
Setting up linux-compiler-gcc-6-x86 (4.9.65-3+deb9u2) ...
Setting up linux-kbuild-4.9 (4.9.65-3+deb9u2) ...

The output for uname -a is:

4.9.0-4-amd64 #1 SMP Debian 4.9.65-3+deb9u1 (2017-12-23) x86_64 GNU/Linux

The output when I used sudo apt-get update && sudo apt-get upgrade was 4.9.65-3+deb9u2, but in uname -a it's 4.9.65-3+deb9u1. Why didn't the kernel update to the latest version?

karel
  • 1,961
  • 2
  • 17
  • 26
moment43
  • 21
  • 1
  • 3

5 Answers5

3

You can install the latest linux-image including the security updates as follows :

apt install linux-image-4.9.0-5-amd64

Reboot your system.

uname -a
4.9.0-5-amd64 #1 SMP Debian 4.9.65-3+deb9u2 (2018-01-04) x86_64 GNU/Linux

This update will be available through the regular update from the security repository , this a sample sources.list:

deb  http://deb.debian.org/debian stretch main
deb-src  http://deb.debian.org/debian stretch main

deb  http://deb.debian.org/debian stretch-updates main
deb-src  http://deb.debian.org/debian stretch-updates main

deb http://security.debian.org/ stretch/updates main
deb-src http://security.debian.org/ stretch/updates main

The fix is available for debian Sid but the updates cannot be applied through the regular update it appear a bug affecting the unattended-upgrades package, see the @sampablokuper question/answer and the new report bug #886415

To apply the security update on debian Sid:

apt install linux-image-4.14.0-3-amd64
GAD3R
  • 63,407
  • 31
  • 131
  • 192
  • 2
    if there are any dkms modules (e.g. `nvidia-kernel-dkms`, `spl-dkms` and `zfs-dkms`, `virtualbox-dkms`) installed, the matching linux-headers- package should be installed too. i.e. `apt-get install linux-image-4.9.0-5-amd64 linux-headers-4.9.0-5-amd64` – cas Jan 05 '18 at 09:45
2

Did you restart your computer? Most updates are applied without problem without need of restart but that's not the case of kernel updates.

nxnev
  • 3,634
  • 2
  • 12
  • 28
1

The following works for me:

apt-get update && apt-get upgrade linux-image-amd64 linux-headers-amd64

The recommended instructions did not work for me:

apt-get update && apt-get upgrade

I got:

Calculating upgrade... Done
The following packages have been kept back:
  linux-image-amd64
Arthur Barrett
  • 11
  • 2
1

Use apt upgrade instead of apt-get upgrade. Did the trick for me and installed latest kernel.

RenevdM
  • 11
  • 1
-1

snowflake@safespaces:/home/snowflake# uname --all -p -i Linux safespaces 4.9.0-5-amd64 #1 SMP Debian 4.9.65-3+deb9u2 (2018-01-04) x86_64 GNU/Linux

HELLO! i got this on mine after running this cmd 'sudo apt-get update && sudo apt-get upgrade && sudo apt-get dist-upgrade'

and just to make sure it upped it i ran this: uname --all -p -i and got this Linux safespaces 4.9.0-5-amd64 #1 SMP Debian 4.9.65-3+deb9u2 (2018-01-04) x86_64 GNU/Linux

so i'd say it's working, and this is just a vbox vm

inigo montoya
  • 1