Re: Incongruent info in the security advisory at http://www.debian.org/News/2006/20060713
Em Sábado, 15 de Julho de 2006 14:45, Matt Kraai escreveu:
> On Fri, Jul 14, 2006 at 10:33:15PM +0100, Pedro Celestino dos Reis Rodrigues
wrote:
> > In secury advisory at http://www.debian.org/News/2006/20060713 the two
> > ranges of kernel versions overlap. Transcription follows:
> >
> > It only exists in the Linux kernel 2.6.13 up to versions before 2.6.17.4,
> > and 2.6.16 before 2.6.16.24.
> >
> > Is this correct?
>
> It matches what the CVE says. It sounds like it was fixed in both
> 2.6.16.24 and 2.6.17.4, so versions between 2.6.13 and 2.6.23
> (inclusive) and versions between 2.6.17 and 2.6.17.3 (inclusive) are
> vulnerable.
When you say 2.6.23 do you mean 2.6.16.23 ?
The most recent version of the kernel is 2.6.17.6 (2006-07-15 19:17 UTC) so
2.6.23 makes not sense to me.
And it seems that in the advisory page, where it is
"If you run Linux 2.6.13 up to versions before 2.6.17.4, or Linux 2.6.16 up to
versions before 2.6.16.24, please update your kernel immediately.",
if it was
"If you run Linux 2.6.17 up to versions before 2.6.17.4, or Linux 2.6.16 up
to versions before 2.6.16.24, please update your kernel immediately."
it will make more sense.
Pedro
--
_____________________________________________________________
Pedro Celestino dos Reis Rodrigues
Departamento de Química e Bioquímica
Faculdade de Ciências da Universidade de Lisboa
Tel: 21750000-28619
Reply to: