
Re: OpenSSL version 0.9.7e ?!



On Thursday, 16.11.2006 at 12:08 -0800, Kevin B. McCarty wrote:

> > I had a strong *shrug* when I noticed that my stable system
> > (originally woody, upgraded to sarge without kernel change) still
> > had
>                      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> If you are running Debian-provided kernels, you *really* should
> upgrade to a kernel from Sarge.  The kernels from Woody have not been
> security-supported for a LONG time, and there have been quite a few
> serious security issues discovered in the kernel since then.  This is
> potentially a much bigger deal than the OpenSSL issues you are
> concerned about.

I'm not sure that's *necessarily* true: after all, it depends on the use
to which the machine is put.  Kernel bugs are normally only exploitable
by local users; SSL bugs are most likely to be exploitable remotely.  If
you have no local users other than yourself, but run many
publicly-accessible services, then SSL bugs are much more important!

(I'm not saying my example above is true in every single case, but I
think it's true on the whole.)

Dave.
-- 
Please don't CC me on list messages!
...
Dave Ewart - davee@sungate.co.uk - jabber: davee@jabber.org
All email from me is now digitally signed, key from http://www.sungate.co.uk/
Fingerprint: AEC5 9360 0A35 7F66 66E9 82E4 9E10 6769 CD28 DA92
