[SATLUG] unthreaded VMware kernel fun
afcasta at satx.rr.com
Tue Jun 24 15:01:42 CDT 2008
On Sun, 2008-06-22 at 20:03 -0500, Daniel J. Givens wrote:
> On Sun, 22 Jun 2008 17:37:09 -0500
> Al Castanoli <afcasta at satx.rr.com> wrote:
> > On Sun, 2008-06-22 at 15:55 -0500, John D Choate wrote:
> > > After 5.5 years of using Linux (Mandrake/Mandriva), I have never
> > > compiled a kernel. I know it would be a good learning experience
> > > for me, but I've never found any other reason for doing it.
> > There's a vulnerability message out on kernels below 184.108.40.206 that
> > requires some of us who maintain government computers to do a kernel
> > upgrade. None of my RHEL or Scientific Linux servers have an .rpm
> > package high enough so I rolled one from scratch using 220.127.116.11 from
> > kernel.org and it went pretty well.
> First, let me say that this really should have been a new topic
> altogether, not a reply to an existing thread. Yes, I use a threaded
> email client (Claws Mail) and there are certain threads I just don't
> follow. It was only by chance that I read this one.
It's a bad habit from years of reading alt.folklore.computers and
> I assume you're talking about the 2.6 kernels, not 2.5 since those were
> development releases.
Yes, I tossed in a typo. I got it right in the original subject, but
wrong in the text of the message. The kernels I'm unable to use with
VMware are the two most recent - 18.104.22.168 and 22.214.171.124.
> Red Hat, along with most other distribution
> makers, have a policy of backporting bug fixes. You should read the
> article on this at the Red Hat site.
> You will find that your update notifications from any government entity
> will reference a CVE number.
> Red Hat (and most others) will give you the CVE that an update
> addresses for compliance tracking purposes. You can find a list of the
> Red Hat update advisories by product at:
> You can click on the link for the version you have.
I appreciate the pointer, but the errata pages don't address this
> Also, having been an ISSO (information system security officer) prior
> to getting out of the AF, I know that the compliance date on those is
> typically long enough that the software makers can get an update out
> there for you. With that considered, If this is for CVE 2008-2750, it
> was only released a few days ago, so give Red Hat a chance to get an
> updated kernel package out there and don't freak out.
With the Oracle CPUs coming out again next month, I don't have the
luxury of waiting for vendor support. I was an ISSO when I retired from
the military, too, and am used to freaking out. The IA staff I report
to expect compliance within a week of these messages, regardless of what
dates are given on the vulnerability messages. That said, it took me
three years to get permission to run Linux, and I don't want to give the
Windowphiles any ammunition.
> > Now that my server's compliant with information assurance
> > requirements, VMware won't run on it, and that's what it was for.
> > Since nobody can use it now, it should be really secure. I tried
> > vmware-any-any-115.tgz, but even that did't work.
> There are newer versions out there.
Thanks - I tried up through update-117b and none of those worked,
either. I guess I'll just have to wait.
More information about the SATLUG