On Thu, Apr 29, 2004 at 04:56:04AM +0200, Jan Minar wrote:
> Package: boot-floppies
> Version: N/A; reported 2004-04-29
> Severity: critical
> Justification: root security hole
> Tags: security
>
> Hi.
>
> I've just installed Debian @ my friend's, and I noticed there is nothing
> that would advise the user s/he should install a ``real kernel'', and
> sack the vulnerable *bf one. One has to have an a priori knowledge there
> is a need to do apt-get install kernel-image-2.4.18-1-386 after the
> installation is done...
>
> (1) The *bf kernel should never be installed. The ``real kernel''
> should be installed instead.
>
> (2) The user should be told explicitly and clearly the *bf kernel is
> vulnerable, why it is used despite being vulnerable, how to work around
> these vulnerabilities, and what to do to become not vulnerable.

There is no such issue in Sarge, so this could be tagged +woody?

--
Jan