New Kernel and Security Fix


A new Kernel 4.14.29 is available for Zeroshell. This Kernel belongs to the last Long Term Support series and provides better support for next-generation hardware than the current Kernel 4.4.x used in the latest Zeroshell releases. Furthermore, the Kernel 4.14.29 was compiled using the GCC 7.3 compiler, which should guarantee a better optimization of the code in terms of performance. Thanks to the support from the new compiler this Kernel implements the Spectre v2 mitigation that makes it immune against attacks that exploit known vulnerabilities of the Processors.

10 thoughts on “New Kernel and Security Fix

  1. I run ZS with kernel 4.4.96/64bit and has security fix i thought good to install but when I run the installation I receive this error:
    >> ERROR: the package 49c00 is not compatible with the package 49e00
    any hint or I completely off track?


    1. SLOT 2 – Zeroshell 3.9.1
      Active (Current Kernel: 4.14.83-ZS-64)
      root@zero ~> iptables -mndpi -help
      iptables v1.4.21: xt_ndpi: kernel module not load.
      Try `iptables -h’ or ‘iptables –help’ for more information.

  2. To install the new Kernel 4.14.29 (package 49e00) you should remove any other package that contains a Kernel. For example the package 49c00 is the 64-bits Kernel 4.4.96 so Zeroshell claims that is not compatible with the new Kernel.

  3. Hi,
    I just updated the kernel to 4.14.29 but the system stopped to see my wlan card – Intel Wireless 7260. I needed to go back to my previous kernel.
    iwlwifi: Direct firmware load for iwlwifi-7260-17.ucode failed with error -2
    iwlwifi: no suitable firmware found!
    iwlwifi: iwlwifi-7260-17 is required

    Big thanks for your help!

  4. Hello Fulvio I found a new issue when I tried to add/edit a “Forward” rule, I had a mac address with ndpi applied and I tried to edit the mac address this message appears “iptables v1.4.21: xt_ndpi: kernel module not load.”

    I tried to downgrade the kernel

    from this -> 64-Bit Kernel 4.14.29
    to this -> 64-Bit Kernel 4.4.96

    I need to do something else to fix this issue?

    Thanks four your help

    1. With the 64-Bit Kernel 4.4.96 I get this error “iptables: Invalid argument. Run `dmesg’ for more information.”

      dmesg result is this

      [ 17.904614] ISO 9660 Extensions: RRIP_1991A
      [ 18.113153] EXT4-fs (sda4): mounted filesystem with ordered data mode. Opts: (null)
      [ 19.120377] EXT4-fs (sda4): mounted filesystem with ordered data mode. Opts: (null)
      [ 28.847570] Adding 131068k swap on /DB/swap-file. Priority:-2 extents:1 across:131068k FS
      [ 35.869726] ip_tables: (C) 2000-2006 Netfilter Core Team
      [ 36.757907] ctnetlink v0.93: registering with nfnetlink.
      [ 39.881503] bridge: filtering via arp/ip/ip6tables is no longer available by default. Update your scripts to load br_netfilter if you need this.
      [ 39.881689] Bridge firewalling registered
      [ 39.882933] xt_ndpi: loading out-of-tree module taints kernel.
      [ 39.887927] xt_ndpi v1.2 ndpi 1.7.0 with IPv6
      [ 39.887927] bt hash size 0k gc timeout 1200 sec
      [ 39.887927] sizeof hash_ip4p_node 44
      [ 39.887927] sizeof id_struct 256
      [ 39.887927] sizeof flow_struct 936
      [ 39.887927] sizeof packet_struct 416
      [ 39.887927] sizeof flow_tcp_struct 38
      [ 39.887927] sizeof flow_udp_struct 18
      [ 39.887927] sizeof int_one_line_struct 4
      [ 39.887927] sizeof ndpi_ip_addr_t 16
      [ 39.887927] sizeof ndpi_protocol 4
      [ 39.887927] sizeof nf_ct_ext_ndpi 40
      [ 39.887927] sizeof spinlock_t 4
      [ 39.887927] NF_LABEL_ID 7
      [ 40.520307] xt_time: kernel timezone is -0600
      [ 42.594305] tun: Universal TUN/TAP device driver, 1.6
      [ 42.731262] Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)
      [ 42.877128] via-rhine 0000:03:01.0 ETH01: renamed from eth0
      [ 42.921625] r8169 0000:01:00.0 ETH00: renamed from eth1
      [ 43.025096] BRIDGE00: port 1(ETH00) entered blocking state
      [ 43.025098] BRIDGE00: port 1(ETH00) entered disabled state
      [ 43.025155] device ETH00 entered promiscuous mode
      [ 43.053074] r8169 0000:01:00.0 ETH00: link down
      [ 43.053081] r8169 0000:01:00.0 ETH00: link down
      [ 43.053109] IPv6: ADDRCONF(NETDEV_UP): ETH00: link is not ready
      [ 43.060951] BRIDGE00: port 2(ETH01) entered blocking state
      [ 43.060953] BRIDGE00: port 2(ETH01) entered disabled state
      [ 43.061002] device ETH01 entered promiscuous mode
      [ 43.167972] BRIDGE00: port 2(ETH01) entered blocking state
      [ 43.167976] BRIDGE00: port 2(ETH01) entered forwarding state
      [ 43.254566] IPv6: ADDRCONF(NETDEV_UP): VPN99: link is not ready
      [ 44.772505] r8169 0000:01:00.0 ETH00: link up
      [ 44.772515] IPv6: ADDRCONF(NETDEV_CHANGE): ETH00: link becomes ready
      [ 44.773051] BRIDGE00: port 1(ETH00) entered blocking state
      [ 44.773054] BRIDGE00: port 1(ETH00) entered forwarding state

  5. iptables v1.4.21: xt_ndpi: kernel module not load.
    Active (Current Kernel: 4.14.83-ZS-64)
    push !!!!!!!!!!!!!!!!!!

  6. iptables v1.4.21: xt_ndpi: kernel module not load.
    Active (Current Kernel: 4.14.83-ZS-64)
    SLOT 2 – Zeroshell 3.9.1

Leave a Reply

Your email address will not be published.