On Wed Oct 24, 2001 at 04:44:02PM +0200, Juan Quintela wrote:
> >>>>> "borsenkow" == Borsenkow Andrej <[EMAIL PROTECTED]> writes:
>
> borsenkow> It is from user's comment to
> borsenkow> http://linuxtoday.com/news_story.php3?ltsn=2001-10-18-018-20-SC-KN-0005
> borsenkow> that describes two kernel bugs (symlink and ptrace):
>
> borsenkow> ================ citation ================
> borsenkow> Mandrake Single Network Firewall is based on kernel 2.2.19
> borsenkow> I guess this episode will provide a good test of whether people should
> borsenkow> trust Mandrake as a company to keep their products secure...
>
> borsenkow> There has been no replacement product for Mandrake SNF7.2
> borsenkow> If there is none planned, it may be that they believe they can just let
> borsenkow> this slide without producing an update for people who bought the
> borsenkow> box...That would be unfortunate.
>
> borsenkow> ======================================
>
> You can test the possible updates
> for 8.1 in:
>
> http://people.mandrakesoft.com/~quintela/
>
> version -29mdk will be the 2.4 update if q&a agrees.
>
> Reports of work here, didn't work
> here are welcome.
Unfortuantely, this kernel is not what is being used in SNF. However,
the reports that all of a sudden an SNF box is being attacked or
compromised due to these kernel bugs is bogus. Both issues are
*local* vulnerabilities, not remote. It is improbable that your
system is being attacked due to problems in the kernel.
That being said, a patched 2.2 kernel for all distribs, including SNF,
will be available as soon as QA has finished doing their thing on
them. I've been running the new kernel on an SNF box for two days now
without a problem.
--
[EMAIL PROTECTED], OpenPGP key available on www.keyserver.net
1024D/FE6F2AFD 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD
- Danen Consulting Services www.danen.net, www.freezer-burn.org
- MandrakeSoft, Inc. Security www.linux-mandrake.com
Current Linux kernel 2.4.8-26mdk uptime: 19 hours 40 minutes.
PGP signature
