How or when are kernels updated?
Being new to a VPS environment I am not too clear on how or when kernels are updated.. I know that running and loading updates from the command line doesn't appear to pull down any updated kernel packages as it would on a "normal" server..
Can someone fill me in?
Thanks..
4 Replies
You can run your own kernel if you like, using pv_grub, but I let Linode take care of it, and simply choose the latest paravirt kernel.
Anything talking about a "local attacker" (most of the ones on the list in this case) for most servers implies they've already broken through some other avenue into your system, at which point you probably have a bigger problem than these flaws. Of course, if you do permit local user logins on your Linode (as opposed to all access being through services like a web application) then you may need to investigate the items further to see what rights may be needed to take advantage.
Items specific to certain services (such as CIFS or NFS) can be considered in the context of whether you actually operate such services publicly or if they're already filtered.
I suspect in the context of most Linode servers, very few of these items represent direct exposures, sans some other intrusion that itself likely carries more risk of harm or loss of data.
I do think it would be helpful to have a summary of local patches, if any, backported into the -linode## kernels, but am not sure if that is published anywhere. You can, however, download the source to those kernels (
While there are certainly some critical patches back-ported, as a first approximation it's most likely fair to assume that if a CVE fix is noted as appearing in kernel x.y.z and the Linode kernel is earlier than that (or if the most recent Linode version of that kernel was released before the CVE patch), then the fix is not yet in the Linode kernel.
– David
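The first-approximation rule from the post above, as an added shell example (not code from this thread or from Linode): it drops the `-linode##` suffix from the booted kernel's release string and compares the rest numerically with the version a CVE fix is noted in. The function names and the release strings used to exercise it are constructed for illustration.

```shell
#!/bin/sh
# Added example. Hypothetical helper names; any release strings used with
# these functions here are constructed samples, not real Linode releases.

# Drop a "-linode##"-style suffix: keep everything before the first '-'.
base_version() {
    printf '%s\n' "${1%%-*}"
}

# Leading digits of one version component; an empty component counts as 0.
num() {
    n=${1%%[!0-9]*}
    printf '%s\n' "${n:-0}"
}

# Return 0 if version $1 is older than version $2.
# Components are compared numerically, left to right, so 3.0.18 is newer
# than 3.0.4 (a plain string comparison would get that wrong).
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=$(num "${a%%.*}")
        y=$(num "${b%%.*}")
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
        # Equal so far: drop the leading component from both sides.
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1   # versions are equal, so not older
}

# $1 = kernel release string, $2 = version the CVE fix is noted in.
# "assume-unpatched" is only the first approximation: a backported fix
# in an older kernel cannot be seen from the version number.
fix_status() {
    running=$(base_version "$1")
    if version_lt "$running" "$2"; then
        echo "assume-unpatched"
    else
        echo "fix-version-reached"
    fi
}

# With one argument, check the kernel that is actually booted.
# uname -r reports the running kernel, not one selected since the last boot.
if [ "$#" -eq 1 ]; then
    fix_status "$(uname -r)" "$1"
fi
```
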
@bryantrv:
You are running a Linode kernel, which is chosen via the dashboard, and I believe they are kept fully patched.
You can run your own kernel if you like, using pv_grub, but I let Linode take care of it, and simply choose the latest paravirt kernel.
Does this mean I would need to reboot for the new Linode kernel to take effect? I haven't rebooted in months …
@earwax:
Does this mean I would need to reboot for the new Linode kernel to take effect? I haven't rebooted in months …
:shock:
Yes