New Kernel - Security fix

tom

Hello Tom

Running apt-get update this morning, it is erroring out on a Hash sum mismatch.

Code:
apt-get update
Hit http://security.debian.org lenny/updates Release.gpg
Hit http://ftp.ca.debian.org lenny Release.gpg
Hit http://download.proxmox.com lenny Release.gpg
Ign http://security.debian.org lenny/updates/main Translation-en_US
Ign http://ftp.ca.debian.org lenny/main Translation-en_US
Ign http://download.proxmox.com lenny/pve Translation-en_US
Hit http://download.proxmox.com lenny Release
Ign http://download.proxmox.com lenny/pve Packages/DiffIndex
Ign http://download.proxmox.com lenny/pve Packages
Hit http://ftp.ca.debian.org lenny Release
Ign http://ftp.ca.debian.org lenny/main Packages/DiffIndex
Hit http://security.debian.org lenny/updates Release
Ign http://security.debian.org lenny/updates/main Packages/DiffIndex
Hit http://security.debian.org lenny/updates/main Packages
Hit http://ftp.ca.debian.org lenny/main Packages
Get:1 http://download.proxmox.com lenny/pve Packages [4465B]
Fetched 1B in 0s (4B/s)
W: Failed to fetch http://download.proxmox.com/debian/dists/lenny/pve/binary-amd64/Packages.gz  Hash Sum mismatch

E: Some index files failed to download, they have been ignored, or old ones used instead.
I assume this is a problem on your end?

Thanks
 
The update seems to go on correctly...

# apt-get update

Get:1 http://security.debian.org lenny/updates Release.gpg [835B]
Get:2 http://security.debian.org lenny/updates Release [40.8kB]
Get:3 http://download.proxmox.com lenny Release.gpg [189B]
Get:4 http://http.us.debian.org lenny Release.gpg [1032B]
Get:5 http://download.proxmox.com lenny Release [1883B]
Get:6 http://http.us.debian.org lenny Release [73.6kB]
Ign http://download.proxmox.com lenny/pve Packages/DiffIndex
Ign http://security.debian.org lenny/updates/main Packages/DiffIndex
Ign http://download.proxmox.com lenny/pve Packages
Ign http://security.debian.org lenny/updates/contrib Packages/DiffIndex
Get:7 http://security.debian.org lenny/updates/main Packages [160kB]
Get:8 http://download.proxmox.com lenny/pve Packages [4465B]
Get:9 http://http.us.debian.org lenny/main Packages [5245kB]
Hit http://security.debian.org lenny/updates/contrib Packages
Get:10 http://http.us.debian.org lenny/contrib Packages [71.9kB]
Fetched 5600kB in 3min19s (28.1kB/s)
Reading package lists... Done

# apt-get dist-upgrade

Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
The following packages will be upgraded:
pve-kernel pve-kernel-2.6.24-7-pve
2 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 38.0MB of archives.
After this operation, 0B of additional disk space will be used.
Do you want to continue [Y/n]? y
Get:1 http://download.proxmox.com lenny/pve pve-kernel-2.6.24-7-pve 2.6.24-10 [38.0MB]
Get:2 http://download.proxmox.com lenny/pve pve-kernel 2.6.24-10 [624B]
Fetched 38.0MB in 2min42s (234kB/s)
(Reading database ... 25074 files and directories currently installed.)
Preparing to replace pve-kernel-2.6.24-7-pve 2.6.24-8 (using .../pve-kernel-2.6.24-7-pve_2.6.24-10_amd64.deb) ...
Unpacking replacement pve-kernel-2.6.24-7-pve ...
Preparing to replace pve-kernel 2.6.24-8 (using .../pve-kernel_2.6.24-10_amd64.deb) ...
Unpacking replacement pve-kernel ...
Setting up pve-kernel-2.6.24-7-pve (2.6.24-10) ...
Searching for GRUB installation directory ... found: /boot/grub
Searching for default file ... found: /boot/grub/default
Testing for an existing GRUB menu.lst file ... found: /boot/grub/menu.lst
Searching for splash image ... none found, skipping ...
Found kernel: /vmlinuz-2.6.24-7-pve
Found kernel: /memtest86+.bin
Updating /boot/grub/menu.lst ... done

Setting up pve-kernel (2.6.24-10) ...
 
I have updated and at the end I get:
Setting up pve-kernel (2.6.24-10) ...

When I run uname -a I get this:

Linux proxmox 2.6.24-7-pve #1 SMP PREEMPT Mon Aug 17 10:37:00 CEST 2009 x86_64 GNU/Linux

So it is not using the new kernel?

In /boot/grub/menu.lst I have this:

title Proxmox Virtual Environment, kernel 2.6.24-7-pve
root (hd0,0)
kernel /vmlinuz-2.6.24-7-pve root=/dev/mapper/pve-root ro
initrd /initrd.img-2.6.24-7-pve

title Proxmox Virtual Environment, kernel memtest86+
root (hd0,0)
kernel /memtest86+.bin

So I think that the new kernel didn't update GRUB.
 
We did not change the kernel name, because it is a security fix only - everything should be binary compatible. So the new kernel is also called '2.6.24-7-pve'. But you need to reboot to activate the new kernel.
 
No problems pinging download.proxmox.com or fetching Packages.gz via wget.

Code:
pve01:/backup# ping download.proxmox.com
PING download.proxmox.com (92.51.129.73) 56(84) bytes of data.
64 bytes from lvps92-51-129-73.dedicated.hosteurope.de (92.51.129.73): icmp_seq=1 ttl=51 time=116 ms
64 bytes from lvps92-51-129-73.dedicated.hosteurope.de (92.51.129.73): icmp_seq=2 ttl=51 time=117 ms
Code:
pve01:/backup# wget http://download.proxmox.com/debian/dists/lenny/pve/binary/binary-amd64/Packages.gz
Resolving download.proxmox.com... 92.51.129.73
Connecting to download.proxmox.com|92.51.129.73|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 4465 (4.4K) [application/x-gzip]
Saving to: `Packages.gz'

100%[=========================================================================================>] 4,465       --.-K/s   in 0.1s

2009-08-18 02:43:15 (36.8 KB/s) - `Packages.gz' saved [4465/4465]
'aptitude update ; aptitude upgrade' runs fine, but does not pick up the new kernel release. There is no newer kernel in /boot than vmlinuz-2.6.24-7-pve dated June 2nd 2009.

Any ideas? Thanks
 
Yes, I have rebooted, but I have seen this line: Preparing to replace pve-kernel 2.6.24-8 (using .../pve-kernel_2.6.24-10_amd64.deb) ...

Maybe something went bad on the update, but if you say it is because the kernel name didn't change, no problem. Thanks for the update.
 
Er my mistake, there was a configuration error with our squid proxy that was caching the file and thus showing the problem.

Running 'apt-get update -o Debug::Acquire::http=True' showed the error.

Cheers
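
The "Hash Sum mismatch" in this thread means the fetched Packages.gz did not match the hash and size that the repository's Release file lists for it, which is what a stale copy served by a cache produces. The shell function below is an added example, not part of the original posts; it assumes the Release file has a SHA256: section, and the Release and index files in the demo are constructed.

```shell
#!/bin/sh
# Added example, not from the thread: check a fetched APT index against the
# hash and size that the repository's Release file lists for it.

# check_index <Release file> <index file> <path as listed in Release>
# Returns 0 on match, 1 on mismatch, 2 if Release has no SHA256 entry.
check_index() {
    release=$1 index=$2 relpath=$3
    # A hash section is "SHA256:" followed by " <hash> <size> <path>" lines.
    entry=$(awk -v p="$relpath" '
        /^SHA256:/ { in_sec = 1; next }
        /^[^ ]/    { in_sec = 0 }
        in_sec && $3 == p { print $1, $2; exit }' "$release")
    if [ -z "$entry" ]; then
        echo "no SHA256 entry for $relpath"
        return 2
    fi
    want_hash=${entry% *}
    want_size=${entry#* }
    have_hash=$(sha256sum "$index" | cut -d' ' -f1)
    have_size=$(wc -c < "$index" | tr -d ' ')
    if [ "$have_hash" = "$want_hash" ] && [ "$have_size" = "$want_size" ]; then
        echo "OK $relpath"
        return 0
    fi
    echo "MISMATCH $relpath (size $have_size, Release lists $want_size)"
    return 1
}

# Constructed demo: the Release file describes the current index, while a
# misconfigured cache still hands out the previous one.
tmp=$(mktemp -d)
path=pve/binary-amd64/Packages
printf 'Package: pve-kernel\nVersion: 2.6.24-10\n' > "$tmp/current"
printf 'Package: pve-kernel\nVersion: 2.6.24-8\n'  > "$tmp/stale"
{
    echo "Suite: lenny"
    echo "SHA256:"
    echo " $(sha256sum "$tmp/current" | cut -d' ' -f1) $(wc -c < "$tmp/current" | tr -d ' ') $path"
} > "$tmp/Release"
check_index "$tmp/Release" "$tmp/current" "$path" || true   # fresh copy
check_index "$tmp/Release" "$tmp/stale"   "$path" || true   # stale cached copy
rm -rf "$tmp"
```

On a real host the Release and index files that apt downloaded are kept under /var/lib/apt/lists/.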
 
Yes, I have rebooted, but I have seen this line: Preparing to replace pve-kernel 2.6.24-8 (using .../pve-kernel_2.6.24-10_amd64.deb) ...

Above is correct! Don't confuse kernel name with package versions. Also, package pve-kernel is a virtual package, not the kernel itself ;-)
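
Because the security-fix kernel keeps the name 2.6.24-7-pve, uname -r looks the same before and after the reboot. The shell check below is an added example, not part of the thread or of Proxmox's tooling: as a heuristic it compares the inode change time of the kernel image with the boot time, assuming GNU stat, /proc/stat and the /boot/vmlinuz-<release> layout shown in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Heuristic: if the kernel image for the
# running release was written to disk after the machine booted, the running
# kernel is still the old build, even though `uname -r` is unchanged.

# Boot time in seconds since the epoch, from the "btime" line of /proc/stat.
boot_epoch() {
    awk '$1 == "btime" { print $2 }' /proc/stat
}

# reboot_pending <kernel image> <boot epoch>
# Returns 0 if the image changed after boot, 1 if not, 2 if it cannot tell.
reboot_pending() {
    image=$1 booted=$2
    [ -f "$image" ] && [ -n "$booted" ] || return 2
    # %Z is the inode change time: it moves when dpkg unpacks a replacement
    # file, whereas the mtime is carried over from the package build.
    changed=$(stat -c %Z "$image") || return 2
    [ "$changed" -gt "$booted" ]
}

# Path layout as shown in the thread's menu.lst and /boot listing.
image="/boot/vmlinuz-$(uname -r)"
rc=0
reboot_pending "$image" "$(boot_epoch)" || rc=$?
case $rc in
    0) echo "$image replaced since boot: reboot to activate it" ;;
    1) echo "$image is older than the last boot, running: $(uname -v)" ;;
    *) echo "cannot check $image" ;;
esac
```

Any later change to the image's inode (a chmod, for example) also moves the change time, so a "replaced since boot" result can be a false positive.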
 
Hi,

When we went through the process for this security update and rebooted, the server would not boot - kernel panic messages related to 'can't mount /dev/...'. This happened on both servers on which we did the kernel update/upgrade.

(Note these servers are not standard installs, as they use PVE over software RAID, so this problem may be unique to software RAID or other non-standard installs straight on Debian Lenny.)

The way to avoid the problem is after apt-get update and apt-get upgrade, but *before* rebooting, execute the following command:

update-initramfs -k 2.6.24-7-pve -v -u -t

Rebooting afterward should work.

It might be a bit confusing that there are some other kernel numbers that refer to 2.6.24-10, but for this particular upgrade at this time the 2.6.24-7-pve is still the right number.

If by accident the server is rebooted before executing the additional command, you will need to boot with the standard kernel instead of the Proxmox kernel, execute the above command, then reboot again with the Proxmox kernel. Everything should operate normally again after that.

While we did not try it specifically, I believe that executing the update-initramfs command won't hurt if it is not required. Therefore if you are managing a remote server, you may want to execute the command routinely after a kernel update anyway, in order to avoid a trip to the physical server if you don't have boot KVM access.

Hope our experience saves someone else using the excellent Proxmox VE some time!
 
I think my server has RAID (supports RAID) but I didn't configure anything on installation. Did you do anything when installing to have software RAID? I only selected to install on sda1 when the installation asked me on which HD I would like to install Proxmox.

Is there any way to know if I'm having RAID?
 
Have some problems after apt-get upgrade with latest kernel security. Install seemed to work OK but some containers (Ubuntu 8.04L) now are not able to start and remain in mounted state.

Basically the container dies after about 1 second of starting...(see below)

2009-08-19T20:49:48+1000 vzctl : CT 105 : Container start in progress...
2009-08-19T20:50:01+1000 venetclean : CT 105 : CT died, clear IPs: 172.16.27.79

Any thoughts ?

---
Log started: 2009-08-19 20:04:21
(Reading database ... 31959 files and directories currently installed.)
Preparing to replace pve-kernel-2.6.24-7-pve 2.6.24-8 (using .../pve-kernel-2.6.24-7-pve_2.6.24-10_amd64.deb) ...
Unpacking replacement pve-kernel-2.6.24-7-pve ...
Preparing to replace pve-kernel 2.6.24-8 (using .../pve-kernel_2.6.24-10_amd64.deb) ...
Unpacking replacement pve-kernel ...
Setting up pve-kernel-2.6.24-7-pve (2.6.24-10) ...
Searching for GRUB installation directory ... found: /boot/grub
Searching for default file ... found: /boot/grub/default
Testing for an existing GRUB menu.lst file ... found: /boot/grub/menu.lst
Searching for splash image ... none found, skipping ...
Found kernel: /vmlinuz-2.6.24-7-pve
Found kernel: /vmlinuz-2.6.24-5-pve
Found kernel: /vmlinuz-2.6.24-2-pve
Found kernel: /vmlinuz-2.6.24-1-pve
Found kernel: /memtest86+.bin
Updating /boot/grub/menu.lst ... done

Setting up pve-kernel (2.6.24-10) ...
 
Yes, restarted a few times.

Definitely something in this kernel version as I have changed the default in
/boot/grub/menu.lst to 1 (kernel 2.6.24-5-pve) rebooted and all containers are starting OK now.

Trying to find any clues in log files but cannot see any errors, warnings etc
 
