[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#246443: boot-floppies: There is no indice *bf kernel has security issues

On Thu, Apr 29, 2004 at 04:56:04AM +0200, Jan Minar wrote:
> Package: boot-floppies
> Version: N/A; reported 2004-04-29
> Severity: critical
> Justification: root security hole
> Tags: security
> Hi.
> I've just installed Debian @ my friend's, and I noticed there is nothing
> that would advise the user s/he should install a ``real kernel'', and
> sack the vulnerable *bf one.  One has to have an a priori knowledge there
> is a need to do apt-get install kernel-image-2.4.18-1-386 after the
> installation is done...
> (1) The *bf kernel should never be installed.  The ``real kernel''
> should be installed instead.
> (2) The user should be told explicitly and clearly the *bf kernel is
> vulnerable, why it is used despite being vulnerable, how to work around
> these vulnerabilities, and what to do to become not vulnerable.

There is no such issue in Sarge, so this could be tagged +woody?

Attachment: pgpKJdkirAwEc.pgp
Description: PGP signature

Reply to: