Source: linux Version: 6.7.7-1 Severity: grave Justification: user security hole
Dear Maintainer, (Opting for grave/usersec because naturally updated kernels fix security vulnerabilities, but actually i think i can't update the kernel and that's grave, security be damned.) Observe: $ sudo apt install --no-install-recommends linux-headers-amd64 Reading package lists... Done Building dependency tree... Done Reading state information... Done Some packages could not be installed. This may mean that you have requested an impossible situation or if you are using the unstable distribution that some required packages have not yet been created or been moved out of Incoming. The following information may help to resolve the situation: The following packages have unmet dependencies: binutils-x86-64-linux-gnu:amd64 : Depends: libgcc-s1:amd64 (>= 4.2) but it is not going to be installed Depends: libjansson4:amd64 (>= 2.14) but it is not going to be installed Depends: libstdc++6:amd64 (>= 13.1) but it is not going to be installed cpp-13-x86-64-linux-gnu:amd64 : Depends: libgmp10:amd64 (>= 2:6.3.0+dfsg) but it is not going to be installed Depends: libisl23:amd64 (>= 0.15) but it is not going to be installed Depends: libmpc3:amd64 (>= 1.1.0) but it is not going to be installed Depends: libmpfr6:amd64 (>= 3.1.3) but it is not going to be installed gcc-13-x86-64-linux-gnu:amd64 : Depends: libcc1-0:amd64 (>= 13.2.0-18) but it is not going to be installed Depends: libgcc-s1:amd64 (>= 3.0) but it is not going to be installed Depends: libgmp10:amd64 (>= 2:6.3.0+dfsg) but it is not going to be installed Depends: libisl23:amd64 (>= 0.15) but it is not going to be installed Depends: libmpc3:amd64 (>= 1.1.0) but it is not going to be installed Depends: libmpfr6:amd64 (>= 3.1.3) but it is not going to be installed Depends: libstdc++6:amd64 (>= 5) but it is not going to be installed libc6:amd64 : Depends: libgcc-s1:amd64 but it is not going to be installed libgcc-13-dev:amd64 : Depends: libgcc-s1:amd64 (>= 13.2.0-18) but it is not going to be installed Depends: libgomp1:amd64 (>= 13.2.0-18) but it is not going to be installed Depends: libitm1:amd64 (>= 13.2.0-18) but it is not going to be installed Depends: libatomic1:amd64 (>= 13.2.0-18) but it is not going to be installed Depends: libasan8:amd64 (>= 13.2.0-18) but it is not going to be installed Depends: libubsan1:amd64 (>= 13.2.0-18) but it is not going to be installed Depends: libquadmath0:amd64 (>= 13.2.0-18) but it is not going to be installed libgprofng0:amd64 : Depends: libgcc-s1:amd64 (>= 3.3.1) but it is not going to be installed Depends: libstdc++6:amd64 (>= 13.1) but it is not going to be installed libhwasan0:amd64 : Depends: gcc-14-base:amd64 (= 14-20240303-1) but it is not going to be installed Depends: libgcc-s1:amd64 (>= 3.3) but it is not going to be installed liblsan0:amd64 : Depends: gcc-14-base:amd64 (= 14-20240303-1) but it is not going to be installed Depends: libgcc-s1:amd64 (>= 3.3) but it is not going to be installed libtsan2:amd64 : Depends: gcc-14-base:amd64 (= 14-20240303-1) but it is not going to be installed Depends: libgcc-s1:amd64 (>= 3.4) but it is not going to be installed linux-headers-6.7.7-amd64:amd64 : Depends: linux-kbuild-6.7.7:amd64 E: Unable to correct problems, you have held broken packages. or $ sudo apt install --no-install-recommends linux-headers-amd64 linux-kbuild-6.7.7:x32 Reading package lists... Done Building dependency tree... Done Reading state information... Done Some packages could not be installed. This may mean that you have requested an impossible situation or if you are using the unstable distribution that some required packages have not yet been created or been moved out of Incoming. The following information may help to resolve the situation: The following packages have unmet dependencies: binutils-x86-64-linux-gnu:amd64 : Depends: libgcc-s1:amd64 (>= 4.2) but it is not installable Depends: libjansson4:amd64 (>= 2.14) but it is not going to be installed Depends: libstdc++6:amd64 (>= 13.1) but it is not going to be installed cpp-13-x86-64-linux-gnu:amd64 : Depends: libgmp10:amd64 (>= 2:6.3.0+dfsg) but it is not going to be installed Depends: libisl23:amd64 (>= 0.15) but it is not going to be installed Depends: libmpc3:amd64 (>= 1.1.0) but it is not going to be installed Depends: libmpfr6:amd64 (>= 3.1.3) but it is not going to be installed gcc-13-x86-64-linux-gnu:amd64 : Depends: libcc1-0:amd64 (>= 13.2.0-18) but it is not going to be installed Depends: libgcc-s1:amd64 (>= 3.0) but it is not installable Depends: libgmp10:amd64 (>= 2:6.3.0+dfsg) but it is not going to be installed Depends: libisl23:amd64 (>= 0.15) but it is not going to be installed Depends: libmpc3:amd64 (>= 1.1.0) but it is not going to be installed Depends: libmpfr6:amd64 (>= 3.1.3) but it is not going to be installed Depends: libstdc++6:amd64 (>= 5) but it is not going to be installed libc6:amd64 : Depends: libgcc-s1:amd64 but it is not installable libgcc-13-dev:amd64 : Depends: libgcc-s1:amd64 (>= 13.2.0-18) but it is not installable Depends: libgomp1:amd64 (>= 13.2.0-18) but it is not going to be installed Depends: libitm1:amd64 (>= 13.2.0-18) but it is not going to be installed Depends: libatomic1:amd64 (>= 13.2.0-18) but it is not going to be installed Depends: libasan8:amd64 (>= 13.2.0-18) but it is not going to be installed Depends: libubsan1:amd64 (>= 13.2.0-18) but it is not going to be installed Depends: libquadmath0:amd64 (>= 13.2.0-18) but it is not going to be installed libgprofng0:amd64 : Depends: libgcc-s1:amd64 (>= 3.3.1) but it is not installable Depends: libstdc++6:amd64 (>= 13.1) but it is not going to be installed libhwasan0:amd64 : Depends: gcc-14-base:amd64 (= 14-20240303-1) but it is not installable Depends: libgcc-s1:amd64 (>= 3.3) but it is not installable liblsan0:amd64 : Depends: gcc-14-base:amd64 (= 14-20240303-1) but it is not installable Depends: libgcc-s1:amd64 (>= 3.3) but it is not installable libtsan2:amd64 : Depends: gcc-14-base:amd64 (= 14-20240303-1) but it is not installable Depends: libgcc-s1:amd64 (>= 3.4) but it is not installable E: Unable to correct problems, you have held broken packages. Compare: $ apt info linux-headers-6.5.0-5-amd64:amd64 linux-headers-6.7.7-amd64:amd64 Package: linux-headers-6.5.0-5-amd64:amd64 Version: 6.5.13-1 Priority: optional Section: kernel Source: linux Maintainer: Debian Kernel Team <debian-ker...@lists.debian.org> Installed-Size: 3,736 kB Depends: linux-headers-6.5.0-5-common (= 6.5.13-1), linux-kbuild-6.5.0-5, linux-compiler-gcc-13-x86 Homepage: https://www.kernel.org/ Download-Size: 1,274 kB APT-Manual-Installed: no APT-Sources: http://deb.debian.org/debian sid/main amd64 Packages Description: Header files for Linux 6.5.0-5-amd64 This package provides the architecture-specific kernel header files for Linux kernel 6.5.0-5-amd64, generally used for building out-of-tree kernel modules. These files are going to be installed into /usr/src/linux-headers-6.5.0-5-amd64, and can be used for building modules that load into the kernel provided by the linux-image-6.5.0-5-amd64 package. Package: linux-headers-6.7.7-amd64:amd64 Version: 6.7.7-1 Priority: optional Section: kernel Source: linux Maintainer: Debian Kernel Team <debian-ker...@lists.debian.org> Installed-Size: 6,329 kB Depends: linux-headers-6.7.7-common (= 6.7.7-1), linux-image-6.7.7-amd64 (= 6.7.7-1) | linux-image-6.7.7-amd64-unsigned (= 6.7.7-1), linux-kbuild-6.7.7, gcc-13 Homepage: https://www.kernel.org/ Download-Size: 1,768 kB APT-Sources: http://deb.debian.org/debian sid/main amd64 Packages Description: Header files for Linux 6.7.7-amd64 This package provides the architecture-specific kernel header files for Linux kernel 6.7.7-amd64, generally used for building out-of-tree kernel modules. These files are going to be installed into /usr/src/linux-headers-6.7.7-amd64, and can be used for building modules that load into the kernel provided by the linux-image-6.7.7-amd64 package. specifically Depends: linux-headers-6.5.0-5-common (= 6.5.13-1), linux-kbuild-6.5.0-5, linux-compiler-gcc-13-x86 Depends: linux-headers-6.7.7-common (= 6.7.7-1), linux-image-6.7.7-amd64 (= 6.7.7-1) | linux-image-6.7.7-amd64-unsigned (= 6.7.7-1), linux-kbuild-6.7.7, gcc-13 From a purely academic standpoint, I don't really see why linux-headers-$ver would depend on linux-image-$ver at all? one wants to build for linux but not care for or want the image (and i-t &c.) quite often. but whatever. The real kicker is, I think going by the unmet-dep list, the gcc-13 dependency, with linux-headers-6.7.7-amd64:amd64 now trying to pull in gcc-13:amd64 for an unknown reason. linux-headers-6.5.0-5-amd64:amd64 pulled in linux-compiler-gcc-13-x86:x32 ‒ linux-compiler-gcc-13-x86/unstable 6.5.13-1 amd64 linux-compiler-gcc-13-x86/unstable 6.5.13-1 i386 linux-compiler-gcc-13-x86/now 6.5.13-1 x32 [installed,local] ii linux-compiler-gcc-13-x86 6.5.13-1 x32 Compiler for Linux on x86 (meta-package) Package: linux-compiler-gcc-13-x86 Version: 6.5.13-1 Status: install ok installed Priority: optional Section: kernel Source: linux Maintainer: Debian Kernel Team <debian-ker...@lists.debian.org> Installed-Size: 746 kB Depends: gcc-13 Homepage: https://www.kernel.org/ Download-Size: unknown APT-Manual-Installed: no APT-Sources: /var/lib/dpkg/status Description: Compiler for Linux on x86 (meta-package) This package depends on GCC of the appropriate version and architecture for Linux on amd64, i386 and x32. ‒ which correctly and expectedly pulled in gcc-13:x32. Because this is an x32 host. Please revert this change and pull in the correct compiler again. Best, наб (One has to assume this would be a similar scenario on an i386 host using an amd64 kernel; this is rare in a.d. 2024 probably, but.) -- System Information: Debian Release: trixie/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: x32 (x86_64) Foreign Architectures: amd64, i386 Kernel: Linux 6.5.0-3-amd64 (SMP w/2 CPU threads; PREEMPT) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_FORCED_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled
signature.asc
Description: PGP signature