Re: Please clarifiy: kernel-sources / ptracebug / debian security announcenments

To: Peter Holm <pholm@gmx.de>
Cc: debian-security@lists.debian.org
Subject: Re: Please clarifiy: kernel-sources / ptracebug / debian security announcenments
From: George Georgalis <george@galis.org>
Date: Wed, 7 May 2003 21:10:41 -0400
Message-id: <20030508011041.GA28338@trot.local>
In-reply-to: <g0vhbvg6s9q4vbkilpmbp3ima97tr6gv75@4ax.com>
References: <g0vhbvg6s9q4vbkilpmbp3ima97tr6gv75@4ax.com>

I think you'll find the bugtraq list at http://securityfocus.com/ to
be the leading edge for security information. I like focus-linux too.
http://securityfocus.com/archive

To find more current news on issues / exploits, you would probably need
to follow some particular IRC or whatever the evil side of the internet
uses these days.

The main problem with bugtraq is a *lot* of M$ (and other commercial
software) issues are mixed in there. I find myself only reading the
subjects of 70% of the posts. but for issues like ptrace, you'll find
everything you need there.

// George



On Wed, May 07, 2003 at 02:53:35PM +0200, Peter Holm wrote:
>Hi,
>
>may I be allowed to ask some questions? 
>
>I am a little bit confused about the latest discussions on the ptrace
>kernel bug. 
>
>As I am not a regular reader of this mailing list but heavily relying
>on the debian security announce mailing list and apt-get, I was really
>wondering why I could not find anything about that ptrace kernel bug
>that can be found here
>
>http://sinuspl.net/ptrace/
>
>on the debian security website / announcement list.
>
>As I keep my systems regularly (apt-)updated I thought there was no
>reason to panic, at least debian is known for it?s high claims on
>beeing secure and "there would be some word about that if it was a
>problem."
>
>well, said that I tried, just for fun, if that exploit could do
>something on my actual debian installations and I really got slapped
>hard! All machines were exploitable! 
>
>Ok, my questions:
>
>Why isn?t there a security warning about that ptrace bug? 
>
>The actual kernel sources that one can get via apt-get, are they
>already patched?
>
>What about the kernel-images? 
>
>As i read, there are some misfunctions with that kernel-patch, not
>allowing some tools to work properly (netsaint / nagios were
>mentioned). Are there any more sideeffects known?
>
>Is there a good website accumulating information
>about-that-prace-bug-and-patch-and-all-the-problems-that-are
>related-to this.org?
>
>And: which informtion sources do I have to follow to become informed
>about *all* security bugs in debian? 
>
>
>Thanks for your attention and sorry for my clumsy english!
>
>
>
>
>Have a nice thread,
>Peter
>
>
>--
>To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
>with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>

-- 
GEORGE GEORGALIS, System Admin/Architect    cell: 646-331-2027
Security Services, Web, Mail,            mailto:george@galis.org 
Multimedia, DB, DNS and Metrics.       http://www.galis.org/george

Reply to:

References:
- Please clarifiy: kernel-sources / ptracebug / debian security announcenments
  - From: Peter Holm <pholm@gmx.de>

Prev by Date: Re: Apt-get only security patches
Next by Date: Re: idea for improving security
Previous by thread: Re: Please clarifiy: kernel-sources / ptracebug / debian security announcenments
Next by thread: Re: Please clarifiy: kernel-sources / ptracebug / debian security announcenments
Index(es):
- Date
- Thread