Re: Woody boot-floppies use flawed kernels
[Thomas Viehmann]
> For installation at least, a local root hole is completely
> irrelevant. (There is no root password and no users.)
> The only thing that needs to be ensured is that the installed kernel
> is not vulnerable. That means
> - until a new point release is made, stock kernels should be automatically
> upgraded via the security.d.o apt-lines,
This do not work as you expect it. The kernel used by b-f is copied
into place on the HD by b-f. There is no package to upgrade. No
kernel package is installed by b-f, and the people with a stock woody
will have the security problem until they manually install a new and
improved kernel.
Reply to: