
Re: Kernel ptrace Hole - Fix For i386 ?



On Wed, 2003-04-16 at 02:21, Nick Boyce wrote:
> On Mon, 14 Apr 2003 20:01:57 -0500, Greg Norris wrote:
> 
> >On Tue, Apr 15, 2003 at 12:46:38AM +0100, Nick Boyce wrote:
> >> The fix is in vanilla kernel 2.4.20 as I understand it, and it sounds
> >> like some people here are downloading that source for their Woody i386
> >> systems.
> >
> >By "vanilla", do you mean the "Linus kernel" from kernel.org?  If so,
> >the fix was incorporated into 2.4.21-pre6... 2.4.20 wasn't updated.
> 
> Yep - kernel.org is what I meant - thanks for that info. Thanks also
> to a private email I've been advised that patched Debian versions of
> 2.4.20 do exist in the main archive pool directories, so I guess the
> wheels of a release are turning.
> 
> Sorry everybody - I didn't notice that the same question got asked 3
> days ago ("ptrace exploit").

I would not agree that apology is necessary.

The debian security team have said nothing about this bug that they have
posted to announce or the site which has left 'users' in a state of not
knowing.

The package that is ready should have been up on security.debian.org
weeks ago and I still think we are waiting a valid response from the
security team on this issue.

Basically this has been a really bad show from debian, they claim to
respond to security issues within 48 hours, which they have clearly not
done in this case.  This causes the problem for me that I am trying to
get the ISP that I work at to make the new linux platform they are
planning to be debian based, this however is becoming a sticking point.

However don't get me wrong, apart from this the security team are great
and I thank them for their help in keeping my systems secure.

Take care - RL

-- 
MSN:lazzurs@everybuddy.com	|"All that is etched in stone
Yahoo:admroblaz AIM:admroblaz	|is truly only scribbled in
ICQ:66324927			|sand" - RL
Jabber:admroblaz@jabber.org	|Join Eff http://www.eff.org
e-mail:lazzurs@lazzurs.myftp.org|Take care all - Rob Laz




