
Re: [debian-knoppix] Open accounting and Open source

On April 27, 2003 12:26 am, Gilles Pelletier wrote:

I just received a private email where the sender says that, as far as 
security is concerned, he'd rather use the latest version of Knoppix. 
He thinks patches are applied pretty much asap. 

Here are 3 security patches that Patrick Volkerding has applied 
recently to Slackware:

Sun Apr 20 16:35:57 PDT 2003

patches/packages/openssh-3.6.1p1-i386-1.tgz: Upgraded to 

(Note: This upgrade is not listed as a security fix but, since it 
concerns openssh, I included it anyway. GP)

patches/packages/openssl-0.9.7b-i386-1.tgz: Upgraded to 
openssl-0.9.7b. This includes patches for the widely publicized 
timing attacks against SSL. 
       (* Security fix *)

patches/packages/openssl-solibs-0.9.7b-i386-1.tgz: Upgraded to shared 
libraries from openssl-0.9.7b. Protects against timing attacks.
       (* Security fix *)


Thu Apr 17 15:32:15 PDT 2003
patches/packages/kde/*: Upgraded to KDE 3.1.1a. Also included in
this directory are a rebuild of Qt (linked with Xft2 rather than
Xft1), an updated aRts package (the aRts sound server is a
component of KDE, but ships as part of Slackware's L series), and

(* Security fix *)


It must be noted that PV is not overly diligent in applying patches 
since some of those have been applied at least one week after the 
advisory was issued.

As of today (2003-04-27), the Knoppix changelog doesn't reflect the 
application of any of those patches, though this line:

"upgrade to current testing/unstable snapshot of Debian" could mean 
the openssl patch has been applied. (Thread-safe or not, who knows? 
Excuse my newbieness.)


La Masse critique
debian-knoppix mailing list
