On Tuesday 09 December 2003 9:08 pm, Andreas Janssen wrote:
> Geoff Thurman (<firstname.lastname@example.org>) wrote:
> > Is it possible for the unwitting to install a kernel-image
> > downloaded from official debian sources that hasn't been patched
> > for the recent exploit, or can all the currently downloadable
> > images (and kernel source packages too, for that matter) be taken
> > to be safe from it? I've
> > switched to woody, and have today installed image-2-4-18-k6 #1,
> > dated Apr 14 2002. Clearly the date suggests no patch has been
> > applied, so is this kernel vulnerable to the exploit, please, or
> > does it not arise in this branch?
> Your Kernel is vulnerable. When the ptrace bug was fixed, the
> packages became incompatible to modules compiled for older versions,
> and they were renamed. Install kernel-image-2.4.18-1-k6 from
> security.debian.org. The current version from ftp.debian.org (Woody
> r2) does /not/ fix all vulnerabilities (I even think it is still the
> same one as in Woody r1 because newer packages were rejected from r2
> for some reasons).
> best regards
> Andreas Janssen
Sheesh. Thank you. The new one is downloading now.