Page MenuHomePhabricator

Update 3.19 kernel to 3.19.3
Closed, ResolvedPublic


We should update the 3.19 kernel to 3.19.4

Among other changes it provides which might've been the cause for the aes256gcm crashes in the ipsec setup.

It also fixes other security issues (I'll add a list later on)

Event Timeline

MoritzMuehlenhoff raised the priority of this task from to Needs Triage.
MoritzMuehlenhoff updated the task description. (Show Details)
MoritzMuehlenhoff subscribed.

In practice, getting this to the to-be-ipsec nodes will take quite some time for cache reboots once it's in the repo and package updated on the hosts...

(I mention the above mainly as a side note about having ipsec rollout date depend on the fix or not)

MoritzMuehlenhoff renamed this task from Update 3.19 kernel to 3.19.4 to Update 3.19 kernel to 3.19.3.Apr 17 2015, 4:46 PM

3.19.3 was already built in Debian experimental and included the IPSEC patch. Since the 3.19.4 update doesn't fix any further security issues and most of the changes are not relevant for us (e.g. asoc, wireless, arm,powerpc) I added that build the jessie-wikimedia suite on instead.

This fixes CVE-2015-2150 and CVE-2015-2830.

Berkelium and Curium are now upgraded to Debian's 3.19.3 kernels containing the IPsec patch. Next, I will test the aes256gcm and ESN behavior.