Security update of etch did not update my Kernel. Still vulnerable. Why???
Hi,
I am running a minimal install debian machine as a firewall and I would
like to keep it secure and up to date.
I included
deb http://ftp.us.debian.org/debian/ etch main non-free
deb http://security.debian.org etch/update main contrib
as the entries in /etc/apt/sources.list
and I run apt-get update and apt-get upgrade
Now I notice that there was a Recent advisory about the linux kernel
http://www.debian.org/security/2008/dsa-1494
The vmsplice system call did not properly verify address arguments passed by user space processes, which allowed local attackers to overwrite arbitrary kernel memory, gaining root privileges (CVE-2008-0010, CVE-2008-0600).
and the page references a fix at
http://security.debian.org/pool/updates/main/l/linux-2.6/linux-image-2.6.18-6-486_2.6.18.dfsg.1-18etch1_i386.deb
but why is my machine not running this new kernel?????
I ran the update, and upgrade with apt????
I still see that my kernel version is
linux-image-2.6.18-3-486 and not linux-image-2.6.18-6-48.
what did I do wrong? how to make sure all updates are done??????
thanks,
Mitchell
Reply to: