Re: Missing security fixes for Woody kernel
Philip Ross a écrit : The latest 2.4 kernel for Woody (kernel-image-2.4.18-1-686 version 2.4.18-13.1) is still vulnerable to the FPU crash CAN-2004-0554 discovered back in June 2004 and fixed in the 2.4.27 kernel. The code available at http://www.securiteam.com/exploits/5ZP0N0AD5A.html will crash an up to date Woody system. In the kernel-source 2.4.27-6 changelog http://packages.debian.org/changelogs/pool/main/k/kernel-source-2.4.27/kernel-source-2.4.27_2.4.27-6/changelog I see that the FPU crash CAN-2004-0554 is fixed: (...) kernel-source-2.4.26 (2.4.26-3) unstable; urgency=low * Fix clear_cpu() marco [CAN-2004-0554] . include/asm-i386/i387.h . include/asm-x86_64/i387.h Is there going to be a backported fix for this issue for Woody? Dont know. I simply installed a 2.4.27 kernel on the Woody box. Christophe
Re: Missing security fixes for Woody kernel
Christophe Chisogne a écrit : I see that the FPU crash CAN-2004-0554 is fixed: PS I found that information from (Google and) bug #253871. Debian Bug report logs - #253871 CAN-2004-0554 user application can hang the kernel http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=253871 Ch.
Missing security fixes for Woody kernel
The latest 2.4 kernel for Woody (kernel-image-2.4.18-1-686 version 2.4.18-13.1) is still vulnerable to the FPU crash CAN-2004-0554 discovered back in June 2004 and fixed in the 2.4.27 kernel. The code available at http://www.securiteam.com/exploits/5ZP0N0AD5A.html will crash an up to date Woody system. Is there going to be a backported fix for this issue for Woody? The 2.4.27 and 2.4.28 kernels also fix a number of other security issues. Are there going to be updates to the Woody 2.4 kernel to fix these too? Thanks, Phil -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
