[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#344060: /usr/bin/apt-get: Doesn't recognize need to update vulnerable kernel

On Mon, 2005-12-19 at 12:25 -0600, Tim Christian wrote:
> Package: apt
> Version: 0.5.28.6
> Severity: important
> File: /usr/bin/apt-get
> 
> 
> I was using (via `dpk -l`): kernel-image-2.4.27-1-38 2.4.27-6
> 
> I noticed the following security alert:
> http://www.debian.org/security/2005/dsa-921
> 
> Therefore, I issued: apt-get update && apt-get upgrade
> The update did not recognize that I needed to update the kernel.

Indeed not, nor should it have.

kernel-image-2.4.27-1-686 is an entirely different package from
kernel-image-2.4.27-2-686. (The difference in the package names exists
for a reason and one does not necessarily want to automatically upgrade
a kernel to one with a different module abi).

Regards,

Adam
Reply to: