Kheng Teong Goh un jour écrivit:
Hi! I have 2 system on slicehost running debian. apt-get update and apt-get upgrade has not been upgrading my kernel. It has been upgrading other packages. Kernel remains as : 2.6.18-xen #1 SMP Tue Feb 12 06:40:50 UTC 2008 x86_64 Is it something I am not doing right?
Only the kernel 2.6.24 have been patched. I didn't check all the CVE, but It seems that all the security issues fixed today in 2.6.24 also affect the 2.6.18 kernels (mostly Xen and Vserver, but also many special kernel such as the one for PReP PowerPC machines).
CVE Id(s) : CVE-2008-3272 CVE-2008-3275 CVE-2008-3276 CVE-2008-3526
CVE-2008-3534 CVE-2008-3535 CVE-2008-3792 CVE-2008-3915
Depending of how you use your server, and If you can trust the users on
your system, maybe those bugs are not a very big liability for you. But I
can't judge at your place.
Hopefully, the security team will eventually release an update for the other kernel. If you can't wait, you can try to manualy patch your kernel for the security issues that concern you the most and recompile.
Simon Valiquette