Re: Woody boot-floppies use flawed kernels
Petter Reinholdtsen wrote: [Thomas Viehmann] For installation at least, a local root hole is completely irrelevant. (There is no root password and no users.) The only thing that needs to be ensured is that the installed kernel is not vulnerable. That means - until a new point release is made, stock kernels should be automatically upgraded via the security.d.o apt-lines, This do not work as you expect it. The kernel used by b-f is copied into place on the HD by b-f. There is no package to upgrade. No kernel package is installed by b-f, and the people with a stock woody will have the security problem until they manually install a new and improved kernel. Yes. I see now. Sorry for the misinformation. Cheers T. pgp0.pgp Description: PGP signature
Re: Woody boot-floppies use flawed kernels
[Thomas Viehmann] For installation at least, a local root hole is completely irrelevant. (There is no root password and no users.) The only thing that needs to be ensured is that the installed kernel is not vulnerable. That means - until a new point release is made, stock kernels should be automatically upgraded via the security.d.o apt-lines, This do not work as you expect it. The kernel used by b-f is copied into place on the HD by b-f. There is no package to upgrade. No kernel package is installed by b-f, and the people with a stock woody will have the security problem until they manually install a new and improved kernel. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Woody boot-floppies use flawed kernels
Hi Is there any intention to release a new version of the Woody boot-floppies based on the kernel-image-2.2.25 and kernel-image-2.4.20-1 kernels which include the ptrace security hole fix ( see DSA-270 for example.) Obviously this would require similar patched kernels for all architectures to be available too. Perhaps a critical or grave bug should be filed against the boot-floppies debian-cd to ensure this issue receives attention ? Regards Jonathan Quick Hartebeesthoek Radio Astronomy Observatory -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Woody boot-floppies use flawed kernels
HI Jonathan, Jonathan Quick wrote: Is there any intention to release a new version of the Woody boot-floppies based on the kernel-image-2.2.25 and kernel-image-2.4.20-1 kernels which include the ptrace security hole fix ( see DSA-270 for example.) Obviously this would require similar patched kernels for all architectures to be available too. Perhaps a critical or grave bug should be filed against the boot-floppies debian-cd to ensure this issue receives attention ? For installation at least, a local root hole is completely irrelevant. (There is no root password and no users.) The only thing that needs to be ensured is that the installed kernel is not vulnerable. That means - until a new point release is made, stock kernels should be automatically upgraded via the security.d.o apt-lines, - when a new point release is made, fixed kernels should be offered to install on the hard disk. Unless there is a problem with one of these, I don't think there's much of a bug, certainly not in boot floppies. Cheers T. pgp0.pgp Description: PGP signature