Re: Kernel Security Update / Mondo Rescue kernel
In general, I prefer using Debian kernel-source packages, and applying
Debian kernel-patch... to those.
If you build your kernels using kernel-package, this can be done nearly
automagically. To find out how go here:
http://newbiedoc.sourceforge.net/system/kernel-pkg.html#PATCHES-KERNEL-PKG
DSA311 was issued on 08 June; the latest kernel-source-2.4.20 (-8) was
uploaded on 07 June. This suggests to me that the ioperm vulnerability has
not yet been fixed, and this is confirmed by looking at the changelogs.
Herbert is very good about showing us what he's fixed in new kernel-source
packages.
I believe the confusing statement in the DSA is less confusing if one
remembers that by definition security updates are only made to stable
packages. The changes necessary to fix vulnerabilities for not-yet-released
packages (testing and unstable) are made by uploading new packages to
unstable, which in due course make their way into testing.
Since you're building your own kernel from source you don't need cramfs,
which is used IIRC for initrd -- and you don't need initrd either. Just make
sure support for your root filesystem and your boot device are compiled
directly into the kernel (not as modules).
Your strategy of starting with the bf2.4-xfs config sounds like a good one.
Kevin
Reply to: