Re: Current Stable Kernel 2.4.18 Source deb ?
On Sat, 3 Jan 2004 11:16:26 +0100, Maurizio Lemmo wrote:
>On sabato 03 gennaio 2004, alle 05:26, Nick Boyce wrote:
>> I'd be grateful if someone could please try to deconfuse me about what
>> the current stable kernel 2.4.18 source package is ..
>>
>> DSA 403-1 (http://www.debian.org/security/2003/dsa-403) states that
>> the do_brk security hole was fixed in vanilla kernel 2.4.23, and that
>>
>> "For Debian it has been fixed in version 2.4.18-12 of
>> the kernel source packages, version 2.4.18-14 of the
>> i386 kernel images and version 2.4.18-11 of the alpha
>> kernel images"
>
>I think this was simply a mistake. It's nonsense that image is more
>update from the source it came from. I think they invert the version
>number, in the mail message.
Thanks for your comment - that seems most likely to me too.
I've now looked back through the debian-security archive, and the
previous few kernel updates were :
DSA 358-1 (31.Jul.2003) ==> kernel-source-2.4.18-11 (multiple bugs)
DSA 358-2 ( 5.Aug.2003) ==> kernel-source-2.4.18-12 (fixes oops)
DSA 358-4 (13.Aug.2003) ==> kernel-source-2.4.18-13 (fixes oops)
so the new version can't be any less than 2.4.18-14, and DSA 403-1
must contain a typo/thinko.
I was just being ultra-paranoid, and double-checking everything in the
light of recent events. I must calm down ;-)
>It's my opinion, but, i think it's correct.
Yep - thanks again for the feedback.
Nick Boyce
Bristol, UK
--
Steinbach's Guideline for Systems Programming:
Never test for an error condition you don't know how to handle.
Reply to: