我正在尝试修补一个我已确认易受肮脏 COW 攻击的服务器。那里有许多其他指南推荐以下内容,但没有可用的软件包。
# sudo apt-get update && sudo apt-get dist-upgrade
Hit http://ftp.uk.debian.org wheezy Release.gpg
Hit http://ftp.uk.debian.org wheezy-updates Release.gpg
Hit http://ftp.uk.debian.org wheezy Release
Hit http://packages.dotdeb.org wheezy-php55 Release.gpg
Hit http://ftp.uk.debian.org wheezy-updates Release
Hit http://packages.dotdeb.org wheezy-php55 Release
Hit http://security.debian.org wheezy/updates Release.gpg
Hit http://security.debian.org wheezy/updates Release
Hit http://ftp.uk.debian.org wheezy/main Sources
Hit http://ftp.uk.debian.org wheezy/main amd64 Packages
Hit http://ftp.uk.debian.org wheezy/main Translation-en
Hit http://ftp.uk.debian.org wheezy-updates/main Sources
Hit http://ftp.uk.debian.org wheezy-updates/main amd64 Packages/DiffIndex
Hit http://ftp.uk.debian.org wheezy-updates/main Translation-en/DiffIndex
Hit http://packages.dotdeb.org wheezy-php55/all amd64 Packages
Hit http://security.debian.org wheezy/updates/main Sources
Hit http://security.debian.org wheezy/updates/main amd64 Packages
Ign http://packages.dotdeb.org wheezy-php55/all Translation-en_GB
Hit http://security.debian.org wheezy/updates/contrib amd64 Packages
Ign http://packages.dotdeb.org wheezy-php55/all Translation-en
Hit http://security.debian.org wheezy/updates/non-free amd64 Packages
Hit http://security.debian.org wheezy/updates/contrib Translation-en
Hit http://security.debian.org wheezy/updates/main Translation-en
Hit http://security.debian.org wheezy/updates/non-free Translation-en
Reading package lists... Done
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
# uname -rv
3.2.0-4-amd64 #1 SMP Debian 3.2.41-2+deb7u2
我遗漏了什么?在我看来,我正在访问 wheezy 的安全更新存储库。
更新:
看起来我读的是软件包名称而不是内核版本号:
# apt-cache policy linux-image-3.2.0-4-amd64 linux-image-amd64
linux-image-3.2.0-4-amd64:
Installed: 3.2.82-1
Candidate: 3.2.82-1
Version table:
*** 3.2.82-1 0
500 http://security.debian.org/ wheezy/updates/main amd64 Packages
100 /var/lib/dpkg/status
3.2.78-1 0
500 http://httpredir.debian.org/debian/ wheezy/main amd64 Packages
linux-image-amd64:
Installed: 3.2+46
Candidate: 3.2+46
Version table:
*** 3.2+46 0
500 http://httpredir.debian.org/debian/ wheezy/main amd64 Packages
100 /var/lib/dpkg/status
话虽如此,uname -ir
即使重新启动后仍然显示以下内容:
# uname -ir
3.2.0-4-amd64 unknown
答案1
Ondra Sniper Flidr 的回应暗示,当这个问题于 2016 年 10 月底发布时,Wheezy 已经停止服务了。
事实并非如此:直到 2018 年 5 月底,Wheezy 仍通过 Debian 的长期支持计划继续获得安全更新和社区支持。
Wheezy 的官方 LTS 存储库确实发布了针对 Dirty COW 的补丁。
答案2
这是因为 Debian Wheezy 已经过了使用寿命,并且不再受到 Debian 社区的支持,所以这里没有更新(至少没有来自官方存储库的更新)。