Hacker Newsnew | comments | show | ask | jobs | submit login

It appears to be fixed in Linux 3.4 [1]. According to the original commit [2] it's been broken since 7dffa3c673fbcf835cd7be80bb4aec8ad3f51168 [3], which appeared in 2.6.26.

So, kernels between 2.6.26 and 3.3 (inclusive) are vulnerable.

[1] https://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2....

[2] https://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2....

[3] https://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2....




Which, in summary, is pretty much every production kernel out there.

Spent the last two hours recovering servers, tomorrow will be another interesting day.

Whoever figured it'd be a good idea to INSERT[1] the leap-second instead of just slowing/accelerating time... <censored>

[1] Clock: inserting leap second 23:59:60 UTC

-----


I'm still tryin to understand why all my servers seem to be ok even if they have kernel that should be affected and some of them are running mysql... For example one of them is a debian kernel 2.6.32 running mysql and ntpd, and i see in dmesg Clock: inserting leap second 23:59:60 UTC but the cpu load is ok...

-----


> Whoever figured it'd be a good idea to INSERT[1] the leap-second instead of just slowing/accelerating time... <censored>

That would be the IERS organisation. There's going to be a vote in 2015 to abolish them entirely.

-----


Well, it was a known bug and you had six months to prepare (i.e. update your kernel).

-----


Where was it published?

Almost all of my machines run the Debian stable kernel and were still affected.

-----


The leap second was scheduled in January. That event is so unusual you might get worried. So you do a simple google search and find out that there was a critical bug[1] in Linux kernel last time leap second was inserted. People got worried rightfully[2][3]. I don't know about debian, if it was known prior, if it is the same bug as before, ... But I don't run Debian, you do.

1. https://bugzilla.redhat.com/show_bug.cgi?id=479765

2. http://it.slashdot.org/story/12/06/30/2123248/the-leap-secon...

3. http://serverfault.com/questions/402087/does-centos-5-4-prop...

-----


No need to be a smart-ass about it.

Even if I had googled (which I didn't) then I'd probably have assumed the fixes for bugs from 2009 to have long made it into the current distro kernels.

I just didn't expect something so basic to be still (or again) broken.

-----


Don't get me wrong, I wouldn't too by default. But do you remember Azure crashing on February 29th? And checking for that date is a matter of three conditions. Leap second is much more complex. I'm not trying to be a smart-ass.. I'm just saying it's something I would worry about and would try to find something about it. And perhaps it wouldn't lead anywhere with Debian.

And still, something in your app stack could crash on this as well, leaving the kernel patching pointless.

-----


Pity there was a missing bnx2 firmware issue in all the stables kernels since then, which makes most of the boxes I'm unfortunate enough to run even less useful.

-----


Well, except for RHEL 5. That runs 2.6.18.

-----


I have 2.6.27 kernels here (SuSE 11.1) which seem unaffected so breakage might be a little later

-----


http://bit.ly/N1kZvS https://twitter.com/redditstatus/status/219244389044731904

-----




Applications are open for YC Winter 2016

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: