
Re: Incongruent info in the security advisory at http://www.debian.org/News/2006/20060713



On Sun, Jul 16, 2006 at 03:08:57AM +0100, Pedro Celestino dos Reis Rodrigues wrote:
> On Saturday, 15 July 2006 14:45, Matt Kraai wrote:
> > On Fri, Jul 14, 2006 at 10:33:15PM +0100, Pedro Celestino dos Reis Rodrigues wrote:
> > > In the security advisory at http://www.debian.org/News/2006/20060713 the two
> > > ranges of kernel versions overlap. Transcription follows:
> > >
> > > It only exists in the Linux kernel 2.6.13 up to versions before 2.6.17.4,
> > > and 2.6.16 before 2.6.16.24.
> > >
> > > Is this correct?
> >
> > It matches what the CVE says.  It sounds like it was fixed in both
> > 2.6.16.24 and 2.6.17.4, so versions between 2.6.13 and 2.6.23
> > (inclusive) and versions between 2.6.17 and 2.6.17.3 (inclusive) are
> > vulnerable.
> 
> When you say 2.6.23 do you mean 2.6.16.23 ?

Yes.  Oops.

> The most recent version of the kernel is  2.6.17.6   (2006-07-15 19:17 UTC) so 
> 
> And it seems that in the advisory page, where it is 
> 
> "If you run Linux 2.6.13 up to versions before 2.6.17.4, or Linux 2.6.16 up to 
> versions before 2.6.16.24, please update your kernel immediately.",
> 
> if it was
> 
>  "If you run Linux 2.6.17 up to versions before 2.6.17.4, or Linux 2.6.16 up 
> to versions before 2.6.16.24, please update your kernel immediately."
> 
> it will make more sense.

I don't think that's correct.  I think the bug applied to all versions
of 2.6.13, 2.6.14, and 2.6.15 and to some versions of 2.6.16 and
2.6.17.

-- 
Matt
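
The two readings of the advisory discussed in this thread, written out as half-open version ranges so they can be compared on a given kernel release string. This is an added example, not part of either message or of the advisory; the names `REPLY_READING`, `PROPOSED_READING`, `parse_kernel_version` and `is_affected` are hypothetical, and the ranges are taken from the messages above, not from an authoritative source.

```python
import re

# Each range is half-open: first affected version (inclusive) up to the
# first fixed version (exclusive). Tuples compare element by element, so
# (2, 6, 17) < (2, 6, 17, 4) and (2, 6, 16, 24) < (2, 6, 17).

# Reading given in the reply: everything from 2.6.13 up to 2.6.16.23,
# plus 2.6.17 up to 2.6.17.3 (fixed in 2.6.16.24 and in 2.6.17.4).
REPLY_READING = [
    ((2, 6, 13), (2, 6, 16, 24)),
    ((2, 6, 17), (2, 6, 17, 4)),
]

# Wording proposed in the quoted message: only the 2.6.16 and 2.6.17 series.
PROPOSED_READING = [
    ((2, 6, 16), (2, 6, 16, 24)),
    ((2, 6, 17), (2, 6, 17, 4)),
]


def parse_kernel_version(release):
    """Turn a release string such as '2.6.16.23' or '2.6.15-1-686' into a
    tuple of ints, ignoring any suffix after the dotted version."""
    match = re.match(r"\d+(?:\.\d+){1,3}", release.strip())
    if match is None:
        raise ValueError("not a kernel release string: %r" % release)
    return tuple(int(part) for part in match.group(0).split("."))


def is_affected(release, ranges=REPLY_READING):
    """True if the upstream version number falls inside any listed range.

    Caveat: this compares upstream version numbers only. A distribution
    kernel can carry a backported fix under an older version string, so a
    True result means "check the package changelog", not "confirmed".
    """
    version = parse_kernel_version(release)
    return any(first <= version < fixed for first, fixed in ranges)


if __name__ == "__main__":
    # Constructed sample release strings.
    for sample in ["2.6.12.6", "2.6.15-1-686", "2.6.16.23", "2.6.16.24",
                   "2.6.17.3", "2.6.17.4", "2.6.17.6"]:
        print(sample, is_affected(sample), is_affected(sample, PROPOSED_READING))
```

The two readings differ only for the 2.6.13, 2.6.14 and 2.6.15 series, which is the point the reply disputes.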
