From 47be1bbf5fc25d423b5c32e6e732b2fa732a87c0 Mon Sep 17 00:00:00 2001 From: Jeremy Hanmer Date: Fri, 26 Sep 2014 09:39:23 -0700 Subject: [PATCH 1/2] install a newer kernel from backports Debian's default 3.2 kernel seems to include a few IPv6-related bugs that, in some cases, make IPv6 forwarding performance unacceptable. The linux-image-3.14-0.bpo.2-amd64 package from backports appears to fix all of those known issues. --- scripts/create-akanda-raw-image.sh | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/scripts/create-akanda-raw-image.sh b/scripts/create-akanda-raw-image.sh index 3d56612..f497b00 100755 --- a/scripts/create-akanda-raw-image.sh +++ b/scripts/create-akanda-raw-image.sh @@ -23,7 +23,7 @@ if [ $RELEASE = "wheezy" ]; then deb http://mirrors.dreamcompute.com/debian $RELEASE-backports main EOF - echo "[*] Setup APT prefrences for bird/bird6 to use $RELEASE-backports" + echo "[*] Setup APT prefrences for bird/bird6 and linux-image/initramfs-tools to use $RELEASE-backports" cat < /etc/apt/preferences.d/bird Package: bird Pin: release a=$RELEASE-backports @@ -32,6 +32,16 @@ Pin-Priority: 1000 Package: bird6 Pin: release a=$RELEASE-backports Pin-Priority: 1000 +EOF + # We need the new kernel in order to fix some IPv6 bugs + cat < /etc/apt/preferences.d/kernel +Package: linux-image +Pin: release a=wheezy-backports +Pin-Priority: 1000 + +Package: initramfs-tools +Pin: release a=wheezy-backports +Pin-Priority: 1000 EOF fi @@ -53,6 +63,9 @@ EOF echo "[*] APT Update" apt-get update || exit 1 +echo "[*] Upgrade to the 3.14 backport kernel" +apt-get -y install linux-image-3.14-0.bpo.2-amd64 + echo "[*] Creating motd file..." cat >/etc/motd < Date: Fri, 26 Sep 2014 10:04:35 -0700 Subject: [PATCH 2/2] upgrade bash to fix CVE-2014-6271 --- scripts/create-akanda-raw-image.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/create-akanda-raw-image.sh b/scripts/create-akanda-raw-image.sh index f497b00..1660d73 100755 --- a/scripts/create-akanda-raw-image.sh +++ b/scripts/create-akanda-raw-image.sh @@ -63,8 +63,8 @@ EOF echo "[*] APT Update" apt-get update || exit 1 -echo "[*] Upgrade to the 3.14 backport kernel" -apt-get -y install linux-image-3.14-0.bpo.2-amd64 +echo "[*] Upgrade to the 3.14 backport kernel and update bash to fix CVE-2014-6271" +apt-get -y install linux-image-3.14-0.bpo.2-amd64 bash echo "[*] Creating motd file..." cat >/etc/motd <