I believe the first two used to say “(default)” but it seems they don’t now. However, it seems the default choice is the first one which I have been using.
I’ve had this constant update notification for a few days now and each time it updates the notification pops up again. I’ve restarted and reinstalled but it seems to not want to work.
The update is:
Name: kernel
Summary: Linux Kernel update
Type: security
New Version: 423
Catalog:
Restart: Yes
Description: “This update fixes various security issues and several bugs in the openSUSE 11.0 kernel. It was also updated to the stable version 2.6.25.20. CVE-2008-5702: Buffer underflow in the ibwdt_ioctl function in drivers/watchdog/ib700wdt.c might allow local users to have an unknown impact via a certain /dev/watchdog WDIOC_SETTIMEOUT IOCTL call. CVE-2008-5700: libata did not set minimum timeouts for SG_IO requests, which allows local users to cause a denial of service (Programmed I/O mode on drives) via multiple simultaneous invocations of an unspecified test program. CVE-2008-5079: net/atm/svc.c in the ATM subsystem allowed local users to cause a denial of service (kernel infinite loop) by making two calls to svc_listen for the same socket, and then reading a /proc/net/atm/*vc file, related to corruption of the vcc table. CVE-2008-5300: Linux kernel 2.6.28 allows local users to cause a denial of service (“soft lockup” and process loss) via a large number of sendmsg function calls, which does not block during AF_UNIX garbage collection and triggers an OOM condition, a different vulnerability than CVE-2008-5029. CVE-2008-5029: The __scm_destroy function in net/core/scm.c makes indirect recursive calls to itself through calls to the fput function, which allows local users to cause a denial of service (panic) via vectors related to sending an SCM_RIGHTS message through a UNIX domain socket and closing file descriptors. CVE-2008-4933: Buffer overflow in the hfsplus_find_cat function in fs/hfsplus/catalog.c allowed attackers to cause a denial of service (memory corruption or system crash) via an hfsplus filesystem image with an invalid catalog namelength field, related to the hfsplus_cat_build_key_uni function. CVE-2008-5025: Stack-based buffer overflow in the hfs_cat_find_brec function in fs/hfs/catalog.c allowed attackers to cause a denial of service (memory corruption or system crash) via an hfs filesystem image with an invalid catalog namelength field, a related issue to CVE-2008-4933. CVE-2008-5182: The inotify functionality might allow local users to gain privileges via unknown vectors related to race conditions in inotify watch removal and umount. CVE-2008-3831: The i915 driver in drivers/char/drm/i915_dma.c does not restrict the DRM_I915_HWS_ADDR ioctl to the Direct Rendering Manager (DRM) master, which allows local users to cause a denial of service (memory corruption) via a crafted ioctl call, related to absence of the DRM_MASTER and DRM_ROOT_ONLY flags in the ioctl’s configuration. CVE-2008-4554: The do_splice_from function in fs/splice.c did not reject file descriptors that have the O_APPEND flag set, which allows local users to bypass append mode and make arbitrary changes to other locations in the file.”
I noticed the first option that my boot loader has been using is the non-(pae) one. Also, its version number seems to be lower than the (pae) one.
What is the difference with normal and (pae)? If I pick one system can I delete the other? Any idea why I’m not updating? My Internet seems to be working.
Short and sweet, just how I like it. Now that first sentence on Wikipedia makes more sense.
I typed “free -g” in my Konsol and it says I have 1G total memory.
It says I also have 2G swap memory. That’s just virtual (on my hard disk) right?
If all is correct I suppose this means I have less than 4G memory and should delete my (pae) kernel.
I also seem to have found the issue with my updating:
It seems the alsa-driver-kmp-default-1.017.20081029_2.6.25.18_0.2.1.i586 had an unsatisfied dependency with the new update. Any info on this?
you are correct. swap though does not come into the equation.
So default kernel is all you need. Well one or the other is actually OK. But there is no point having both. You should be able to boot currently with either one. And they should perform pretty much identically.
When you try and delete PAE, it will likely throw some errors at you and a warning about deleting the kernel. It’s OK, work through the errors and ignore the warning so long as you know you still have the default installed.
I don’t wish to disagree with anything said so far, but when I installed 11.1 the openSUSE(32bit) installer chose the PAE kernel (by default) on a system with 512MB RAM (2GB max limit). It has a 64bit Sempron 3100+ processor and openSUSE classes system as i686 architecture. It also said (text explanation) this was the better choice even if memory was less than (<3GB, but don’t remember the exact figure given). In fact I installed Default kernel from the repo to see if I noticed any difference in use, and of course I didn’t.
The pre-release 11.2 milestone1 (32bit) installer also chose PAE kernel on the same system, but when I did a distribution upgrade (zypper dup), I ended up with both PAE and Default kernels installed, with both included in Grub’s menu.lst with PAE set as the default load.
Ignoring that last upgrade, on initial installation openSUSE is consintantly preferring PAE as the default install even with <3GB. Can anyone explain why?
Yeah I’ve noticed that PAE was installed, even with an old Celeron processor. I’d like to know why too. On the other hand I have default on a Pentium-M notebook, but then maybe I switched to it from PAE, I can’t remember now.
I’m sure you are right. I vaguely remember (now you said it), I think it may have mentioned the NX-bit in the text, but it meant nothing to me then, so I will read up on it. I have indeed stuck with the default PAE choice ever since.
@ken_yap, I’m not sure about its consistency. When I mentioned it elsewhere, other posters were surprized as they had been given Default kernel under 3GB.
Well it seems the Pentium-M doesn’t support NX and enabling PAE on that will cause failure to boot, so maybe that is the explanation.
But why PAE on a Celeron processor with no NX and mobo that could never support more than 768MB anyway? Maybe the installer doesn’t always guess right.
I suppose so, PAE goes back a long way, but it’s hard to see what use that would be for a machine that would never be able to access more than 768MB. Still I suppose the installer has to make a decision and not everybody would agree with it.
This is actually the same for me. PAE was installed by default. And by way of a thought to the OP - If PAE was installed by default I would keep that, partly to reduce any possibility of loosing drivers compiled against the kernel, but you should know if you have done that.
Thanks for your comments here guys, just helped me think more clearly.
> Ignoring that last upgrade, on initial installation openSUSE is
> consintantly preferring PAE as the default install even with <3GB. Can
> anyone explain why?
Because PAE kernel is installed whenever “pae” and/or “nx” (NXbit) flags are
found under /proc/cpuinfo.
PAE allows running 32 bits systems with more than 4 GB. and NX bit adds some
security features.
