Re: Please clarifiy: kernel-sources / ptracebug / debian security announcenments
I think you'll find the bugtraq list at http://securityfocus.com/ to
be the leading edge for security information. I like focus-linux too.
http://securityfocus.com/archive
To find more current news on issues / exploits, you would probably need
to follow some particular IRC or whatever the evil side of the internet
uses these days.
The main problem with bugtraq is a *lot* of M$ (and other commercial
software) issues are mixed in there. I find myself only reading the
subjects of 70% of the posts. but for issues like ptrace, you'll find
everything you need there.
// George
On Wed, May 07, 2003 at 02:53:35PM +0200, Peter Holm wrote:
>Hi,
>
>may I be allowed to ask some questions?
>
>I am a little bit confused about the latest discussions on the ptrace
>kernel bug.
>
>As I am not a regular reader of this mailing list but heavily relying
>on the debian security announce mailing list and apt-get, I was really
>wondering why I could not find anything about that ptrace kernel bug
>that can be found here
>
>http://sinuspl.net/ptrace/
>
>on the debian security website / announcement list.
>
>As I keep my systems regularly (apt-)updated I thought there was no
>reason to panic, at least debian is known for it?s high claims on
>beeing secure and "there would be some word about that if it was a
>problem."
>
>well, said that I tried, just for fun, if that exploit could do
>something on my actual debian installations and I really got slapped
>hard! All machines were exploitable!
>
>Ok, my questions:
>
>Why isn?t there a security warning about that ptrace bug?
>
>The actual kernel sources that one can get via apt-get, are they
>already patched?
>
>What about the kernel-images?
>
>As i read, there are some misfunctions with that kernel-patch, not
>allowing some tools to work properly (netsaint / nagios were
>mentioned). Are there any more sideeffects known?
>
>Is there a good website accumulating information
>about-that-prace-bug-and-patch-and-all-the-problems-that-are
>related-to this.org?
>
>And: which informtion sources do I have to follow to become informed
>about *all* security bugs in debian?
>
>
>Thanks for your attention and sorry for my clumsy english!
>
>
>
>
>Have a nice thread,
>Peter
>
>
>--
>To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
>with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
--
GEORGE GEORGALIS, System Admin/Architect cell: 646-331-2027
Security Services, Web, Mail, mailto:george@galis.org
Multimedia, DB, DNS and Metrics. http://www.galis.org/george
Reply to: