[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Woody boot-floppies use flawed kernels

[Thomas Viehmann]
> For installation at least, a local root hole is completely
> irrelevant. (There is no root password and no users.)
> The only thing that needs to be ensured is that the installed kernel
> is not vulnerable. That means
> - until a new point release is made, stock kernels should be automatically
>   upgraded via the security.d.o apt-lines,

This do not work as you expect it.  The kernel used by b-f is copied
into place on the HD by b-f.  There is no package to upgrade.  No
kernel package is installed by b-f, and the people with a stock woody
will have the security problem until they manually install a new and
improved kernel.

Reply to: