No need for 2.4.23 (re compromise)

To: Debian-User Mailing List <debian-user@lists.debian.org>
Subject: No need for 2.4.23 (re compromise)
From: Christian Schnobrich <schnobs@babylon-kino.de>
Date: Fri, 05 Dec 2003 12:19:13 +0100
Message-id: <[🔎] 1070623152.364.13.camel@pferd.babel>

Hello,

I'm quite behind on reading this list, so maybe someone else has already
pointed this out, and anyway it's coming rather late. Still:

If your only concern is the brk() vulnerability, you don't need to get
kernel sources from <wherever> and roll your own. I've seen this several
times now, and not yet a single message to the contrary.

No, Debian didn't leave Joe User out in the rain to get his own kernel
source. All you need is apt-getable. Even a kernel package if you don't
want to compile just now.

From
http://lists.debian.org/debian-security-announce/debian-security-announce-2003/msg00212.html

> This bug has been fixed in kernel version 2.4.23 for the 2.4 tree and
> 2.6.0-test6 kernel tree. For Debian it has been fixed in version
> 2.4.18-12 of the kernel source packages, version 2.4.18-14 of the i386
> kernel images and version 2.4.18-11 of the alpha kernel images.

cu,
Schnobs

Reply to:

Follow-Ups:
- Re: No need for 2.4.23 (re compromise)
  - From: Vincent Lefevre <vincent@vinc17.org>

Prev by Date: Re: libxaw6
Next by Date: Re: missing URL
Previous by thread: Re: compiling kernel for another system
Next by thread: Re: No need for 2.4.23 (re compromise)
Index(es):
- Date
- Thread