Hi,

harden-localflaws package conflicts with some kernel-image packages (needs to be updated for the <2.4.23 vulnerability) in order to ensure that they are removed. However, this can result in an unbootable system if they are inadvertently removed, and furthermore, does not solve the immediate problem of an insecure kernel in memory. (The vulnerability is not removed until the machine is rebooted with a new kernel.)

Would it be a better idea to, instead of removing the bad kernel package through a Conflicts:, instead through postinst on install and each update, scan the system for bad kernel packages and tell the admin about them so he can take manual action about it?

--
Ryan Underwood, <nemesis@icequake.net>
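
One way the postinst scan proposed above could look, as an added sketch that is not part of the original message or of the harden package. It assumes that "bad" means a 2.4.x kernel with x below 23, that the release is encoded in the package name as kernel-image-<release>, and that a warning on stderr is enough to reach the admin; the function names are hypothetical.

```shell
#!/bin/sh
# Added illustration of the proposed postinst check; not code from the harden package.
# Assumption: "bad" means a 2.4.x kernel with x < 23, the only bound the message gives.

# Succeeds when the release string (e.g. "2.4.18-1-686") is 2.4.x with x < 23.
is_vulnerable_release() {
    case "$1" in
        2.4.*) ;;
        *) return 1 ;;
    esac
    patch=${1#2.4.}            # "18-1-686"
    patch=${patch%%[!0-9]*}    # leading digits only: "18"
    [ -n "$patch" ] && [ "$patch" -lt 23 ]
}

# Reads package names on stdin, prints the kernel-image packages that are affected.
scan_packages() {
    while read -r pkg; do
        case "$pkg" in
            kernel-image-*) rel=${pkg#kernel-image-} ;;
            *) continue ;;
        esac
        if is_vulnerable_release "$rel"; then
            echo "$pkg"
        fi
    done
}

# $1: installed package names, one per line; $2: running kernel release.
# Prints warnings only; nothing is removed, so the system stays bootable.
report() {
    bad=$(printf '%s\n' "$1" | scan_packages)
    if [ -n "$bad" ]; then
        echo "WARNING: installed kernel packages older than 2.4.23:"
        printf '%s\n' "$bad" | sed 's/^/  /'
    fi
    if is_vulnerable_release "$2"; then
        echo "WARNING: running kernel $2 is older than 2.4.23; reboot into a fixed kernel."
    fi
}

# dpkg runs postinst with "configure" on both install and upgrade.
if [ "${1:-}" = "configure" ]; then
    installed=$(dpkg-query -W -f='${Status} ${Package}\n' 'kernel-image-*' 2>/dev/null |
        sed -n 's/^install ok installed //p')
    report "$installed" "$(uname -r)" >&2
fi
```

The second warning covers the case the message raises: a fixed package can be installed while the old kernel is still the one in memory.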