
Kernel Upgrade information required.

 
girishb
Frequent Advisor

Kernel Upgrade information required.

We have Redhat Linux Servers; some of them are installed with the 2.4.21-4.ELsmp kernel and others are with the 2.4.20-28.7 kernel.

Recently we came up with the vulnerability "Linux Kernel XT_SCTP-netfilter Remote Denial of Service Vulnerability"

Google search shows "Upgrade to version 2.6.17.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds."

Here are my questions:

1. Can we get a kernel update patch, or do I need to upgrade the kernel completely, like upgrading from 2.4 Kernel to 2.6 Kernel?

2. Do I need to take a backup of the data before performing any upgrade or updates (if required)?

Let me know your responses....

I am a newbie and still learning Linux.

Early responses are really appreciated.

Thanks
Girish
7 REPLIES
girishb
Frequent Advisor

Re: Kernel Upgrade information required.

Also, a quick question:

If Linux kernel 2.6.17 is vulnerable, does that mean the kernel 2.4 series is also vulnerable, or is it just the 2.6 series?
Ross Minkov
Esteemed Contributor

Re: Kernel Upgrade information required.

Girish,

What version of Red Hat do you have? Is it Red Hat Enterprise Linux 3? If yes, what Update? You can get this info from:

cat /etc/redhat-release

-Ross
Serviceguard for Linux
Honored Contributor

Re: Kernel Upgrade information required.

Rather than just checking Google, check the RedHat web site. For security problems they usually patch just THEIR version of the kernel.

2.4.21-4 sounds like RH3 without any updates.

I can't tell what 2.4.20-28.7 is.

As I remember, RedHat doesn't support an upgrade of the Kernel from 2.4 to 2.6.

FYI - RH4 is a 2.6.9-xx kernel.

If you have support and the systems are on the network, you can try up2date. That would bring them up to the latest version of RH3 at least. But again, backup first.

2. YES

BTW - your kernels are VERY old so you probably have a lot more vulnerabilities waiting for you.
Manuel Wolfshant
Trusted Contributor

Re: Kernel Upgrade information required.

Although the particular error you speak about does not seem to affect 2.4 kernels, by all means, do install the most recent version of kernel available from RHEL updates (kernel-2.4.21-47). The kernels from RedHat _seem_ to be old, but they are heavily modified and include backported patches. In your case, there is a whole list of fixes which have been included in the newer kernels during the three years since 2.4.21-4 was released, some of them being security related and with exploits available (such as "prevent races between /proc access and module unload" included in Nov 2005). You can see the list of fixes yourself if you download the latest available kernel in rpm format and then run the command:
rpm -qp --changelog kernel-2.4.21-47.EL.i686.rpm | less
(Substitute i686 with the version appropriate for you)


As for backup: In 8 years since using RH I have never needed a data backup because of kernel modifications. Since "you never know" [what can happen], backup is always a good idea.

Make sure to preserve the current running kernel, in case something goes wrong and you cannot boot with the new one. In other words, INSTALL the new kernel rather than UPGRADE the existing one.

You could also switch to a 2.6 kernel, but this is a bit more difficult, due to some deeper changes. Since you are not experienced, I would not do it, unless there are other important issues which require a newer version of kernel.
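
An added example, not part of the post above: a shell filter for the changelog check it describes, which lists the dated changelog items of a vendor kernel package that match a keyword, so backported fixes can be found regardless of the upstream version number. The function names and the sample changelog (dates, maintainer, all items except the quoted /proc one) are constructed for illustration.

```shell
#!/bin/sh
# changelog_matches REGEX
# Reads "rpm -q --changelog" style text on stdin and prints "<date>: <item>"
# for every changelog item whose text matches REGEX (case-insensitive).
# Items wrapped over several lines are joined before matching.
changelog_matches() {
    awk -v pat="$1" '
        function emit() {
            if (item != "" && tolower(item) ~ tolower(pat)) print date ": " item
            item = ""
        }
        /^\* /          { emit(); date = $3 " " $4 " " $5; next }   # entry header
        /^- /           { emit(); item = substr($0, 3); next }      # new item
        /^[ \t]+[^ \t]/ { sub(/^[ \t]+/, ""); item = item " " $0; next }  # wrapped line
        END             { emit() }
    '
}

# Constructed sample in the rpm changelog layout; only the /proc item text
# is quoted from the thread, everything else is made up for the example.
sample_changelog() {
cat <<'EOF'
* Tue Nov 15 2005 Example Maintainer <maint@example.com> [placeholder-release-2]
- prevent races between /proc access and module unload
- fix a hypothetical driver timeout
  on slow links

* Mon Jan 10 2005 Example Maintainer <maint@example.com> [placeholder-release-1]
- add a hypothetical SECURITY fix for a local denial of service
EOF
}

# Against a downloaded package, the same filter would be fed by the command
# from the post:
#   rpm -qp --changelog kernel-2.4.21-47.EL.i686.rpm | changelog_matches 'CVE|security|race'
sample_changelog | changelog_matches 'race|security'
```

Searching the vendor changelog for the advisory's identifier or a keyword answers "is this fixed in my package?" more reliably than comparing the package version against the upstream release named in an advisory.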
Ragu_3
Trusted Contributor

Re: Kernel Upgrade information required.

In time, Redhat systems will hit pay-dirt due to "dependency hell". Anyway, as you have got legacy RH systems, it is better you contact Redhat Support; you may have a valid support contract.

Upgrade to the latest 2.4.x kernel release alone; if you move to a 2.6.x you have to install the module loader "module-init-tools" and some allied packages too. The downtime required on production systems due to this may be difficult to justify!
Debian GNU/Linux for the Enterprise! Ask HP ...
George Liu_4
Trusted Contributor

Re: Kernel Upgrade information required.

You may just run

up2date -u
to upgrade everything
girishb
Frequent Advisor

Re: Kernel Upgrade information required.

Hi Experts,

Thank you very much for the valuable information.

Ross,
We are using RHEL3.0 and RH 9.0

I just wonder, since we have the 2.4.21-4.ELsmp version kernel, do I still need to upgrade it to a 2.6.17.1 or higher version kernel to prevent the vulnerability "Linux Kernel XT_SCTP-netfilter Remote Denial of Service Vulnerability"?

This vulnerability affects 2.6 and I am not sure whether it will even affect any version release less than 2.6, like 2.4, 2.2......

Appreciate all your responses...

Thanks .. Girish




do I still need to upgrade the kernel to 2.6.17.1 higher from 2.4.21-4.ELsmp and the vulnerability is for 2.6 version kernel