VMware won't compile for kernel 2.6.26.7 (was: [SATLUG] Testing)

Daniel J. Givens daniel at rugmonster.org
Sun Jun 22 20:03:31 CDT 2008


On Sun, 22 Jun 2008 17:37:09 -0500
Al Castanoli <afcasta at satx.rr.com> wrote:

> On Sun, 2008-06-22 at 15:55 -0500, John D Choate wrote:
> > After 5.5 years of using Linux (Mandrake/Mandriva), I have never
> > compiled a kernel. I know it would be a good learning experience
> > for me, but I've never found any other reason for doing it.
> 
> There's a vulnerability message out on kernels below 2.5.25.6 that
> requires some of us who maintain government computers to do a kernel
> upgrade.  None of my RHEL or Scientific Linux servers have an .rpm
> package high enough so I rolled one from scratch using 2.5.25.7 from
> kernel.org and it went pretty well.

First, let me say that this really should have been a new topic
altogether, not a reply to an existing thread. Yes, I use a threaded
email client (Claws Mail) and there are certain threads I just don't
follow. It was only by chance that I read this one.

I assume you're talking about the 2.6 kernels, not 2.5 since those were
development releases. Red Hat, along with most other distribution
makers, have a policy of backporting bug fixes. You should read the
article on this at the Red Hat site.

http://www.redhat.com/security/updates/backporting/

You will find that your update notifications from any government entity
will reference a CVE number. 

http://cve.mitre.org/

Red Hat (and most others) will give you the CVE that an update
addresses for compliance tracking purposes. You can find a list of the
Red Hat update advisories by product at:

https://rhn.redhat.com/errata/

You can click on the link for the version you have.

Also, having been an ISSO (information system security officer) prior
to getting out of the AF, I know that the compliance date on those is
typically long enough that the software makers can get an update out
there for you. With that considered, If this is for CVE 2008-2750, it
was only released a few days ago, so give Red Hat a chance to get an
updated kernel package out there and don't freak out. 

> Now that my server's compliant with information assurance
> requirements, VMware won't run on it, and that's what it was for.
> Since nobody can use it now, it should be really secure.  I tried
> vmware-any-any-115.tgz, but even that did't work.

There are newer versions out there.

http://groups.google.com/group/vmkernelnewbies/browse_thread/thread/b57361dd2b47521c

Daniel


More information about the SATLUG mailing list