[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: kernel-images


Geoff Thurman (<geoffthur@ntlworld.com>) wrote:

> Is it possible for the unwitting to install a kernel-image downloaded
> from official debian sources that hasn't been patched for the recent
> exploit, or can all the currently downloadable images (and kernel
> source packages too, for that matter) be taken to be safe from it?
> I've
> switched to woody, and have today installed image-2-4-18-k6  #1, dated
> Apr 14 2002. Clearly the date suggests no patch has been applied, so
> is this kernel vulnerable to the exploit, please, or does it not arise
> in this branch?

Your Kernel is vulnerable. When the ptrace bug was fixed, the packages
became incompatible to modules compiled for older versions, and they
were renamed. Install kernel-image-2.4.18-1-k6 from
security.debian.org. The current version from ftp.debian.org (Woody r2)
does /not/ fix all vulnerabilities (I even think it is still the same
one as in Woody r1 because newer packages were rejected from r2 for
some reasons).

best regards
        Andreas Janssen

Andreas Janssen
PGP-Key-ID: 0xDC801674
Registered Linux User #267976

Reply to: