Re: is it possible to update kernel on out-of-data SL5?

[Stephan Wiesand]

On Jun 22, 2017, at 00:07 , WILLIAM J LUTTER wrote:

> Recently there has been the "stack-clash" exploit that impacts several OS 
> including linux
> 
> (CVE-2017-1000364).   Unfortunately, I maintain several old SL5 PCs.   For 
> instance, one of them is 5.7 with a 2.6.18-419 kernel.

Which until a couple of weeks ago was ok (if you subscribe to TUV's point of 
view regarding urgency/criticality of fixes), thanks to SL allowing "sitting on 
a release".

> I suppose that kernels for SL/Centos/Redhat kernels that would be compatible 
> with say SL5.7 are not maintained, so when exploits get too bad, then time to 
> install SL7?

Well, if 10 years of SL5 life weren't sufficient, you can purchase a RHEL 
subscription plus ELS add-on for each of your legacy systems, which would buy 
you three more years.

AFAIK Oracle claims to support its products (including their RHEL clone) 
"forever" if you just have the money.

> Are there kernels that are kept up to date that could be installed for older 
> SL5 via rpmfind or some such repo/download site?

It should still be possible to run SL5 with a mainline kernel. ELRepo used to 
maintain such kernels, readily packaged for EL, but I'm not sure whether they 
still do for EL5. Probably not.

Note that the kernel change is only part of the solution for the "stack clash" 
issue. It won't help much without the corresponding glibc changes.

"Containers" may come to the rescue. If your users still requiring an EL5 
environment would get along with an EL5 Singularity container, that would work 
around the issue.

-- 
Stephan Wiesand
DESY -DV-
Platanenenallee 6
15738 Zeuthen, Germany

Re: is it possible to update kernel on out-of-data SL5?

[Paul Robert Marino]

Not trustworthy ones

On Jun 21, 2017 6:08 PM, "WILLIAM J LUTTER"  wrote:

> Recently there has been the "stack-clash" exploit that impacts several OS
> including linux
>
> (CVE-2017-1000364).   Unfortunately, I maintain several old SL5 PCs.   For
> instance, one of them is 5.7 with a 2.6.18-419 kernel.
>
>
> I suppose that kernels for SL/Centos/Redhat kernels that would be
> compatible with say SL5.7 are not maintained, so when exploits get too bad,
> then time to install SL7?
>
>
> Are there kernels that are kept up to date that could be installed for
> older SL5 via rpmfind or some such repo/download site?
>
>
> Bill Lutter
>

is it possible to update kernel on out-of-data SL5?

[WILLIAM J LUTTER]

Recently there has been the "stack-clash" exploit that impacts several OS 
including linux

(CVE-2017-1000364).   Unfortunately, I maintain several old SL5 PCs.   For 
instance, one of them is 5.7 with a 2.6.18-419 kernel.


I suppose that kernels for SL/Centos/Redhat kernels that would be compatible 
with say SL5.7 are not maintained, so when exploits get too bad, then time to 
install SL7?


Are there kernels that are kept up to date that could be installed for older 
SL5 via rpmfind or some such repo/download site?


Bill Lutter

Re: Security ERRATA Important: kernel on SL6.x i386/x86_64

[Mark Stodola]

This particular email was sent to the errata list, but the reply-to 
header is set to the users lists...


On 06/21/2017 02:47 AM, Bill Maidment wrote:

Aha.
Thanks for that. How many mailing lists do we need???
I got confused (not difficult at my age) as the response came on the User list.

Anyway, I echo the response. The team always seems to be on top of security 
issues.
Thank you (and the community) for being so friendly and helpful.

Cheers
Bill

-Original message-

From:Hans Kristian Rosbach 
Sent: Wednesday 21st June 2017 17:30
To: Bill Maidment ; scientific-linux-us...@listserv.fnal.gov
Subject: Re: Security ERRATA Important: kernel on SL6.x i386/x86_64

I think that mail came from the
scientific-linux-err...@listserv.fnal.gov list, so you might
have been removed from that list for some reason, but not from the users
list for example.

--
  Hans Kristian Rosbach
  Servebolt.com / Raske Sider

On 06/21/2017 12:41 AM, Bill Maidment wrote:

Hi. Is there something wrong with this mailing list? I received this response, 
but I never received the original message. This is not the first time I have 
noticed this.
Cheers
Bill


-Original message-

From:Stephan Wiesand 
Sent: Wednesday 21st June 2017 2:58
To: scientific-linux-us...@listserv.fnal.gov
Subject: Re: Security ERRATA Important: kernel on SL6.x i386/x86_64

Kudos to the SL team at FNAL for once again getting the updates for a really 
nasty issue out incredibly quickly. Impressive.

--
Stephan Wiesand
DESY -DV-
Platanenenallee 6
15738 Zeuthen, Germany

RE: Security ERRATA Important: kernel on SL6.x i386/x86_64

[Bill Maidment]

Aha.
Thanks for that. How many mailing lists do we need???
I got confused (not difficult at my age) as the response came on the User list.

Anyway, I echo the response. The team always seems to be on top of security 
issues.
Thank you (and the community) for being so friendly and helpful.

Cheers
Bill 
 
-Original message-
> From:Hans Kristian Rosbach 
> Sent: Wednesday 21st June 2017 17:30
> To: Bill Maidment ; scientific-linux-us...@listserv.fnal.gov
> Subject: Re: Security ERRATA Important: kernel on SL6.x i386/x86_64
> 
> I think that mail came from the 
> scientific-linux-err...@listserv.fnal.gov list, so you might
> have been removed from that list for some reason, but not from the users 
> list for example.
> 
> -- 
>   Hans Kristian Rosbach
>   Servebolt.com / Raske Sider
> 
> On 06/21/2017 12:41 AM, Bill Maidment wrote:
> > Hi. Is there something wrong with this mailing list? I received this 
> > response, but I never received the original message. This is not the first 
> > time I have noticed this.
> > Cheers
> > Bill
> >   
> >   
> > -Original message-
> >> From:Stephan Wiesand 
> >> Sent: Wednesday 21st June 2017 2:58
> >> To: scientific-linux-us...@listserv.fnal.gov
> >> Subject: Re: Security ERRATA Important: kernel on SL6.x i386/x86_64
> >>
> >> Kudos to the SL team at FNAL for once again getting the updates for a 
> >> really nasty issue out incredibly quickly. Impressive.
> >>
> >> -- 
> >> Stephan Wiesand
> >> DESY -DV-
> >> Platanenenallee 6
> >> 15738 Zeuthen, Germany
> >>
> >>
> 
> 

Re: Security ERRATA Important: kernel on SL6.x i386/x86_64

[Hans Kristian Rosbach]

I think that mail came from the 
scientific-linux-err...@listserv.fnal.gov list, so you might
have been removed from that list for some reason, but not from the users 
list for example.


--
 Hans Kristian Rosbach
 Servebolt.com / Raske Sider

On 06/21/2017 12:41 AM, Bill Maidment wrote:

Hi. Is there something wrong with this mailing list? I received this response, 
but I never received the original message. This is not the first time I have 
noticed this.
Cheers
Bill
  
  
-Original message-

From:Stephan Wiesand 
Sent: Wednesday 21st June 2017 2:58
To: scientific-linux-us...@listserv.fnal.gov
Subject: Re: Security ERRATA Important: kernel on SL6.x i386/x86_64

Kudos to the SL team at FNAL for once again getting the updates for a really 
nasty issue out incredibly quickly. Impressive.

--
Stephan Wiesand
DESY -DV-
Platanenenallee 6
15738 Zeuthen, Germany