[Security] Linux Kernel Upgrade 4.18.10 in LinuxMint LMDE3 -Cindy AMD64 PC

【Platform】Virtualbox in Windows7
【OS】LinuxMint LMDE3-Cindy
【Target】Debian-Unstable SID - 4.18.10 Kernel Developer Environments
【Reason】CVE-2018-17182 UAF+PoC 漏洞

$ sudo nano /etc/apt/sources.list.d/official-package-repositories.list

[Repo Add/Edit ]

#stretch-backports deb http://opensource.nchc.org.tw/debian/ stretch-backports main contrib non-free #deb http://ftp.tw.debian.org/debian/ stretch-backports main contrib non-free # Stable #deb http://opensource.nchc.org.tw/debian/ stable main contrib non-free #deb-src http://ftp.debian.org/debian stable main contrib non-free #stable-proposed-updates # Testing #deb http://opensource.nchc.org.tw/debian/ testing main contrib non-free #deb-src http://ftp.debian.org/debian testing main contrib non-free # Unstable-sid deb http://opensource.nchc.org.tw/debian/ unstable main contrib non-free #deb-src http://ftp.debian.org/debian unstable main contrib non-free # Security updates deb http://security.debian.org/ stable/updates main contrib non-free deb http://security.debian.org/ testing/updates main contrib non-free #deb-src http://security.debian.org/ stable/updates main contrib non-free #deb-src http://security.debian.org/ testing/updates main contrib non-free deb http://packages.linuxmint.com cindy main upstream import backport #deb http://www.deb-multimedia.org stretch main non-free

3 File:
├─ linux-headers-4.18.0-2-amd64
├─ linux-headers-4.18.0-2-common
└─ linux-image-4.18.0-2-amd64

$ sudo apt-get update $ sudo apt-get install -t  Unstable linux-{image,headers}-amd64

Reading package lists... Done Building dependency tree Reading state information... Done The following additional packages will be installed:   binutils binutils-common binutils-x86-64-linux-gnu cpp-7 gcc-7 gcc-7-base gcc-8-base libasan4 libatomic1 libbinutils libc-bin libc-dev-bin libc-l10n libc6 libc6-dev libcc1-0 libcilkrts5 libgcc-7-dev libgcc1 libgomp1 libisl19 libitm1 liblsan0 libmpc3 libmpfr6 libmpx2 libquadmath0 libtsan0 libubsan0  linux-compiler-gcc-7-x86 linux-headers-4.18.0-2-amd64 linux-headers-4.18.0-2-common linux-image-4.18.0-2-amd64 linux-kbuild-4.18 locales Suggested packages:   binutils-doc gcc-7-locales gcc-7-multilib gcc-7-doc libgcc1-dbg libgomp1-dbg libitm1-dbg libatomic1-dbg libasan4-dbg liblsan0-dbg libtsan0-dbg libubsan0-dbg libcilkrts5-dbg libmpx2-dbg libquadmath0-dbg glibc-doc linux-doc-4.18 debian-kernel-handbook The following NEW packages will be installed:   binutils-common binutils-x86-64-linux-gnu cpp-7 gcc-7 gcc-7-base gcc-8-base libasan4 libbinutils libgcc-7-dev libisl19 libmpfr6 linux-compiler-gcc-7-x86 linux-headers-4.18.0-2-amd64 linux-headers-4.18.0-2-common linux-image-4.18.0-2-amd64 linux-kbuild-4.18 The following packages will be upgraded:   binutils libatomic1 libc-bin libc-dev-bin libc-l10n libc6 libc6-dev libcc1-0 libcilkrts5 libgcc1 libgomp1 libitm1 liblsan0 libmpc3 libmpx2 libquadmath0 libtsan0 libubsan0 linux-headers-amd64 linux-image-amd64 locales 21 upgraded, 16 newly installed, 0 to remove and 1355 not upgraded. Need to get 91.6 MB of archives. After this operation, 398 MB of additional disk space will be used.

Boot Menu Update

$ sudo -s update-grub $ sudo reboot -f

 Run a while if no Error occur then kill old kernel file

$ dpkg -l | grep linux-headers-4.9.* $ sudo apt-get purge linux-headers-4.9.* $ dpkg -l | grep linux-image-4.9.* $ sudo apt-get purge linux-image-4.9.* $ sudo apt-get autoremove $ sudo apt-get autoclean

Reverse Check for No Error

$ sudo dpkg --configure -a

ps.
linux-4.18 network interface mustbe changed：
eth0 / eht1 /eth2  to  enp0s3 / enp0s8 / enp0s9

$ sudo ifconfig enp0s3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500         inet 10.0.2.15  netmask 255.255.255.0  broadcast 10.0.2.255         inet6 fe80::ef36:7274:9e9:fa66  prefixlen 64  scopeid 0x20         ether 08:00:27:e2:db:e6  txqueuelen 1000  (Ethernet)         RX packets 180443  bytes 220362361 (210.1 MiB)         RX errors 0  dropped 0  overruns 0  frame 0         TX packets 57264  bytes 3495393 (3.3 MiB)         TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0 enp0s8: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500         inet 192.168.56.101  netmask 255.255.255.0  broadcast 192.168.56.255         inet6 fe80::88c9:a184:5afe:6282  prefixlen 64  scopeid 0x20         ether 08:00:27:8e:af:f3  txqueuelen 1000  (Ethernet)         RX packets 1972  bytes 152854 (149.2 KiB)         RX errors 0  dropped 0  overruns 0  frame 0         TX packets 2855  bytes 521255 (509.0 KiB)         TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0 enp0s9: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500         inet6 fe80::c9d1:6ca7:dda:b5b7  prefixlen 64  scopeid 0x20         ether 08:00:27:d6:31:5e  txqueuelen 1000  (Ethernet)         RX packets 0  bytes 0 (0.0 B)         RX errors 0  dropped 0  overruns 0  frame 0         TX packets 345  bytes 55046 (53.7 KiB)         TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Related Article：
[OpenWrt][Security]CVE-2018-17182 UAF+PoC 漏洞修補
[Linux]Install TP-Link T4Uv3 Wifi USB3 Dongle in Debian-LinuxMint LMDE3-Cindy with Linux Kernel 4.18