
Re: Do I need to upgrade my kernel (kernel-image-2.4-k6)?

Robert S wrote:

> I am running debian with kernel 2.4.27.  I see that the kernel-source
> package is listed in the security vulnerabilities (DSA-1097).  I do a
> weekly "apt-get update && apt-get upgrade" but have not been prompted to
> upgrade my kernel.  I am using kernel-image-2.4-k6.
> Do I need to upgrade my kernel image and if so, what is the correct way of
> doing this?

Do you use stable or testing?

If you take a look at http://www.debian.org/security/2006/dsa-1097 you can
see that you need at least 2.4.27-10sarge3 for IA-32 architecture. When you

apt-cache policy kernel-image-2.4.27-2-k6

you should get something like this (not exactly, because I have here

  Installed: (none)
  Candidate: 2.4.27-12
  Version table:
     2.4.27-12 0
        300 http://debian.lcs.mit.edu unstable/main Packages
        700 http://debian.lcs.mit.edu testing/main Packages
     2.4.27-10sarge1 0
        500 http://security.debian.org sarge/updates/main Packages

Which means that if you have stable and security updates configured
properly, then you should have 2.4.27-10sarge1. Hmmm, so there is
apparently some problem with that system.

Nevertheless, the security report itself mentions the source of the patched
kernel as (on one line):


If you download this package (with wget or curl -O prepended to the URL) you
can install it (as root) with

dpkg -i kernel-image-2.4.27-3-k6_2.4.27-10sarge3_i386.deb

I am Cc:-ing this to the security team and hopefully we'll get some reaction
from them about the apparently broken apt-get lists.



GPG Finger: 89EF 4BC6 288A BF43 1BAB  25C3 E09F EF25 D964 84AC
http://www.ceplovi.cz/matej/blog/, Jabber: ceplma@jabber.cz
23 Marion St. #3, (617) 876-1259, ICQ 132822213
That distinction is reflected in the apocryphal remark made by a
French diplomat to his British counterpart: "This is all very
well in practice, but will it work in theory?".
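
An added example, not part of the original message: a check of every version in the apt-cache policy output quoted above against the fixed version 2.4.27-10sarge3 that the message cites from DSA-1097. The comparison is a Python rendering of Debian's version ordering (on a Debian system, dpkg --compare-versions does the same job); the names deb_compare and audit are hypothetical.

```python
import re
from itertools import zip_longest

POLICY = """\
  Installed: (none)
  Candidate: 2.4.27-12
  Version table:
     2.4.27-12 0
        300 http://debian.lcs.mit.edu unstable/main Packages
        700 http://debian.lcs.mit.edu testing/main Packages
     2.4.27-10sarge1 0
        500 http://security.debian.org sarge/updates/main Packages
"""  # apt-cache policy output as quoted in the message
FIXED = "2.4.27-10sarge3"  # minimum fixed version the message cites from DSA-1097
_RUNS = re.compile(r"(\D*)(\d*)").findall  # splits into (non-digit run, digit run) pairs

def _order(c):
    # Ordering inside non-digit runs: '~' < end of string (0) < letters < other characters
    return -1 if c == "~" else ord(c) + (0 if c.isalpha() else 256)

def _cmp_part(a, b):
    # Compare run by run: non-digit runs by _order (padded with 0), digit runs as integers
    for (na, da), (nb, db) in zip_longest(_RUNS(a), _RUNS(b), fillvalue=("", "")):
        ka = [_order(c) for c in na] + [0] * (len(nb) - len(na))
        kb = [_order(c) for c in nb] + [0] * (len(na) - len(nb))
        ia, ib = int(da or 0), int(db or 0)
        if (ka, ia) != (kb, ib):
            return -1 if (ka, ia) < (kb, ib) else 1
    return 0

def _parse(v):
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    return (int(epoch), *(rest.rsplit("-", 1) if "-" in rest else (rest, "")))

def deb_compare(a, b):
    """Return -1, 0 or 1 as Debian version a is older than, equal to or newer than b."""
    (ea, ua, ra), (eb, ub, rb) = _parse(a), _parse(b)
    return (ea > eb) - (ea < eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def audit(policy_text, fixed):
    """Map each version in the policy version table to (patched?, [origins])."""
    table, current = {}, None
    for line in policy_text.split("Version table:", 1)[-1].splitlines():
        tok = [t for t in line.split() if t != "***"]  # '***' marks the installed version
        if len(tok) == 2 and tok[1].isdigit():         # "<version> <priority>" line
            current = tok[0]
            table[current] = (deb_compare(current, fixed) >= 0, [])
        elif current and len(tok) >= 3 and tok[0].isdigit():  # "<pin> <url> <suite> ..." line
            table[current][1].append(" ".join(tok[1:3]))
    return table
```

Calling audit(POLICY, FIXED) marks 2.4.27-10sarge1 from security.debian.org as older than the fixed version, and 2.4.27-12 from testing/unstable as newer.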
