Please clarifiy: kernel-sources / ptracebug / debian security announcenments
Hi,
may I be allowed to ask some questions?
I am a little bit confused about the latest discussions on the ptrace
kernel bug.
As I am not a regular reader of this mailing list but heavily relying
on the debian security announce mailing list and apt-get, I was really
wondering why I could not find anything about that ptrace kernel bug
that can be found here
http://sinuspl.net/ptrace/
on the debian security website / announcement list.
As I keep my systems regularly (apt-)updated I thought there was no
reason to panic, at least debian is known for it´s high claims on
beeing secure and "there would be some word about that if it was a
problem."
well, said that I tried, just for fun, if that exploit could do
something on my actual debian installations and I really got slapped
hard! All machines were exploitable!
Ok, my questions:
Why isn´t there a security warning about that ptrace bug?
The actual kernel sources that one can get via apt-get, are they
already patched?
What about the kernel-images?
As i read, there are some misfunctions with that kernel-patch, not
allowing some tools to work properly (netsaint / nagios were
mentioned). Are there any more sideeffects known?
Is there a good website accumulating information
about-that-prace-bug-and-patch-and-all-the-problems-that-are
related-to this.org?
And: which informtion sources do I have to follow to become informed
about *all* security bugs in debian?
Thanks for your attention and sorry for my clumsy english!
Have a nice thread,
Peter
Reply to: