Re: Do I need to upgrade my kernel (kernel-image-2.4-k6)?
Robert S wrote:
> I am running Debian with kernel 2.4.27. I see that the kernel-source
> package is listed in the security vulnerabilities (DSA-1097). I do a
> weekly "apt-get update && apt-get upgrade" but have not been prompted to
> upgrade my kernel. I am using kernel-image-2.4-k6.
> Do I need to upgrade my kernel image and if so, what is the correct way of
> doing this?
Do you use stable or testing?
If you take a look at http://www.debian.org/security/2006/dsa-1097 you can
see that you need at least 2.4.27-10sarge3 for the IA-32 architecture. When you run
apt-cache policy kernel-image-2.4.27-2-k6
you should get something like this (not exactly, because I have here
300 http://debian.lcs.mit.edu unstable/main Packages
700 http://debian.lcs.mit.edu testing/main Packages
500 http://security.debian.org sarge/updates/main Packages
Which means that if you have stable and security updates configured
properly, then you should have 2.4.27-10sarge1. Hmm, so there is
apparently some problem with that system.
Nevertheless, the security report itself mentions the source of the patched
kernel as (on one line):
If you download this package (with wget or curl -O prepended to the URL) you
can install it (as root) with
dpkg -i kernel-image-2.4.27-3-k6_2.4.27-10sarge3_i386.deb
I am Cc:-ing this to the security team and hopefully we'll get some reaction
from them about the apparently broken apt-get lists.
GPG Finger: 89EF 4BC6 288A BF43 1BAB 25C3 E09F EF25 D964 84AC
http://www.ceplovi.cz/matej/blog/, Jabber: email@example.com
23 Marion St. #3, (617) 876-1259, ICQ 132822213
That distinction is reflected in the apocryphal remark made by a
French diplomat to his British counterpart: "This is all very
well in practice, but will it work in theory?".