Package: boot-floppies
Version: N/A; reported 2004-04-29
Severity: critical
Justification: root security hole
Tags: security

Hi.

I've just installed Debian @ my friend's, and I noticed there is nothing that would advise the user s/he should install a ``real kernel'', and sack the vulnerable *bf one. One has to have an a priori knowledge there is a need to do apt-get install kernel-image-2.4.18-1-386 after the installation is done...

(1) The *bf kernel should never be installed. The ``real kernel'' should be installed instead.

(2) The user should be told explicitly and clearly the *bf kernel is vulnerable, why it is used despite being vulnerable, how to work around these vulnerabilities, and what to do to become not vulnerable.

Jan.

-- System Information
Debian Release: 3.0
Architecture: i386
Kernel: Linux kontryhel 2.4.26-jan #3 SMP Mon Apr 19 05:00:00 CEST 2004 i686
Locale: LANG=C, LC_CTYPE=cs_CZ.ISO-8859-2