Re: Debian Server restored after Compromise. Which kernels???
On Friday 14 July 2006 19:05, Török Edvin wrote:
> On 7/14/06, Art Edwards <email@example.com> wrote:
> > Thanks very much for this post. However, I am confused about
> > Do you mean 2.6.13 up to 126.96.36.199? As written, 2.6.13 up to 188.8.131.52
> > would include all of the 2.6.14, 2.6.15, and 2.6.16 kernels, rendering
> > the last part of that line inconsistent. This has propagated through the
> > debian lists, so, at the least, a clarification would be very useful. the
> > span of kernels effected.
> Have a look at:
> http://www.securityfocus.com/bid/18874 it lists the kernels.
> Up to 184.108.40.206 they are vulnerable, and in the 2.6.16 line it is fixed
> in 220.127.116.11
Now that it is clear which kernels are defective, what should one do with
defective kernel on both i386 Debian etch and amd64 Debian etch? The list of
does not offer > 18.104.22.168 kernels for these systems. Should one download from
Does that tarbal require a kernel compilation? I can easily imagine: Yes. What
does mean "the vendor" in such list? How long it will take until > 22.214.171.124
kernels become available as deb packages for etch?
I can also imagine that a machine used normally detached from internet, and
only connected there for
#aptitude update (upgrade)
with only Debian official on sources.list, as for a machine used for
computation, there is no problem of kernel vulnerability. True?