Re: {Spam?} Re: woody kernel image
Michelle Konzack wrote: Am 2005-01-30 15:32:25, schrieb Sam Morris: Wow, I missed that! Should not the kernel-image-2.4.28-* packages be removed from the archive, since they are unsupported, and *very* dangerous to use? Sorry, that I ask, but where ist 2.4.28 ? The Kernel-Maintainer-Team has stoped adapting 2.4.28 to Debian, because 2.4.27 is definitivly in SARGE and its installer. Maybe because 2.4.29 is out? - Adam -- The email address used to send this email is temporary. It is bound to disappear at any time. Please thank the morons that buy crap from spammers for this. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
patched 2.4.18 woody kernel image packages
Dear Debian Users, Due the to delay of security updated debian woody 2.4.18 kernels, I have applied Simon Heywood's patch to the kernel-source-2.4.18 (ver 14.3) and am making deb packages available for 386 and 686. These kernels have been tested to stop the uselib() kernel root exploit. http://isec.pl/vulnerabilities/isec-0021-uselib.txt We hope that this release will help improve the security on systems presently running version 13.1 of kernel-image-2.4.18. These kernel packages have been installed and appear to function well, but they are still rather new and come with no warranty. Feel free to give them a try, and let me know if you experience any problems. http://linux.simple.be/debian/package/ Thanks, --Brett -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: patched 2.4.18 woody kernel image packages
Hi, I tested the kernel with success. :) Is only the uselib() root exploit fixed ? I looked at http://www.isec.pl/vulnerabilities.html and saw also a other problem and I think this should be solved ( kernel-image-2.4.18-1-686-smp can be affected). On http://www.isec.pl/vulnerabilities04.html you can see more problemes , they we should check. Is a list of all security problems available ? (to read all ChangesLogs are not really helpful) I hope on 2.6 with the new as-tree (e.g. 2.6.10-as2) , we will get a collections of all securty problems and it is easier to handle. Nice greetings, Harald Brett Hamilton wrote: Dear Debian Users, Due the to delay of security updated debian woody 2.4.18 kernels, I have applied Simon Heywood's patch to the kernel-source-2.4.18 (ver 14.3) and am making deb packages available for 386 and 686. These kernels have been tested to stop the uselib() kernel root exploit. http://isec.pl/vulnerabilities/isec-0021-uselib.txt We hope that this release will help improve the security on systems presently running version 13.1 of kernel-image-2.4.18. These kernel packages have been installed and appear to function well, but they are still rather new and come with no warranty. Feel free to give them a try, and let me know if you experience any problems. http://linux.simple.be/debian/package/ Thanks, --Brett -- Harald Krammer Brucknerstrasse 33 A - 4020 Linz AUSTRIA Mobil +43.(0) 664. 130 59 58 Mail: [EMAIL PROTECTED] Please avoid sending me Word or PowerPoint attachments. See http://www.fsf.org/philosophy/no-word-attachments.html -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: patched 2.4.18 woody kernel image packages
On Wed, 2 Feb 2005 at 22:35:44 +, Harald Krammer wrote: Brett Hamilton wrote: These kernel packages have been installed and appear to function well, but they are still rather new and come with no warranty. Feel free to give them a try, and let me know if you experience any problems. http://linux.simple.be/debian/package/ Is only the uselib() root exploit fixed ? Yes, see bug #289708. It's based on upstream fixes made shortly before the release of 2.4.29. S. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: woody kernel image
[EMAIL PROTECTED] wrote: I currently run Sarge on a few machines, but as I understand Debian policy, Sarge does not receive security updates. The only security updates I can expect are for Woody, so this makes Sarge unreliable for a production environment. Increasingly innaccurate; see http://merkel.debian.org/~joeyh/testing-security.html In the case of the recent kernel holes, IIRC[1] the 2.6 kernel is now fixed in sarge, while 2.4 is bring blocked out due to some other RC bugs (though I've been working to let it in anyway). I guess this is a good time for me to try to see if I can help the Debian Security Folks out if they need it. If you have the ability to work on verifying and patching security hole then you can certianly help the _Sarge_ security team. We're not yet able to offer complete security support for sarge due to a lack of some set up autobuilders for the t-p-u queue, but we are doing a lot of work and managing to get most security holes fixed in sarge ASAP. -- see shy jo [1] Over the atlantic and can't check. signature.asc Description: Digital signature
Re: woody kernel image
Am 2005-01-29 22:56:39, schrieb [EMAIL PROTECTED]: On Sat, Jan 29, 2005 at 07:12:21PM -0800, peace bwitchu wrote: This has been bothering me as well. They dropped support for kernel 2.4.18 when Herbert Xu left but I don't remember seeing any notification of this. I roll my own but how many boxes out there havn't been patched because they didn't know? I had no idea this had happened. I wish I knew. I have a machine running a Debian Woody webserver on 2.4.18 right now which is exposed to the Internet. Granted, apache is in a chroot jail and I have iptables blocking all ports but 80 and 22, but still, I would have liked to have known that 2.4.18 was not being maintained. This should be posted somewhere easy to find so that folks know. Where is it posted that the dropped support for 2.4.18? It was on debian-devel and debian-kernel They told, there are too much kernels to maintain and droped 2.4.(18-22) They sugested to use one of the Backports. Thanks to Norbert Tretkowsky (nobse) for http://www.backports.org/ All my WOODY-Servers running 2.4.27 (selfcompiled) now. --Shawn Greetings Michelle -- Linux-User #280138 with the Linux Counter, http://counter.li.org/ Michelle Konzack Apt. 917 ICQ #328449886 50, rue de Soultz MSM LinuxMichi 0033/3/8845235667100 Strasbourg/France IRC #Debian (irc.icq.com) signature.pgp Description: Digital signature
Re: woody kernel image
Michelle Konzack [EMAIL PROTECTED] wrote: Am 2005-01-29 22:56:39, schrieb [EMAIL PROTECTED]: This should be posted somewhere easy to find so that folks know. Definitely it should be! IMO debian-announce or debian-security-announce would be appropriate. Where is it posted that the dropped support for 2.4.18? It was on debian-devel and debian-kernel Both of which are lists mainly intended for developers and experienced users according to http://lists.debian.org/. They told, there are too much kernels to maintain and droped 2.4.(18-22) They sugested to use one of the Backports. And of course this is nothing to inform the ordinary users about, is it? Paul -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: woody kernel image
On Sun, Jan 30, 2005 at 12:02:23PM +0100, Michelle Konzack wrote: Where is it posted that the dropped support for 2.4.18? It was on debian-devel and debian-kernel Michelle, can You cite the Message-Id's and/or URLs to the archive, please? Thanks. Now Debian rocks, doesn't it? Kudos to the DST, as usually... -- )^o-o^|jabber: [EMAIL PROTECTED] | .v Ke-mail: jjminar FastMail FM ` - .' phone: +44(0)7981 738 696 \ __/Jan icq: 345 355 493 __|o|__Min irc: [EMAIL PROTECTED] pgpgj9FYfL4Xn.pgp Description: PGP signature
{Spam?} Re: woody kernel image
Michelle Konzack wrote: Where is it posted that the dropped support for 2.4.18? It was on debian-devel and debian-kernel They told, there are too much kernels to maintain and droped 2.4.(18-22) They sugested to use one of the Backports. Wow, I missed that! Should not the kernel-image-2.4.28-* packages be removed from the archive, since they are unsupported, and *very* dangerous to use? Thanks to Norbert Tretkowsky (nobse) for http://www.backports.org/ Hear, hear! -- Sam Morris http://robots.org.uk/ PGP key id 5EA01078 Fingerprint 3412 EA18 1277 354B 991B C869 B219 7FDB 5EA0 1078 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
{Spam?} Re: {Spam?} Re: woody kernel image
Sam Morris wrote: Wow, I missed that! Should not the kernel-image-2.4.28-* packages be ^ should be 2.4.18, sorry :) -- Sam Morris http://robots.org.uk/ PGP key id 5EA01078 Fingerprint 3412 EA18 1277 354B 991B C869 B219 7FDB 5EA0 1078 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: woody kernel image
Am 2005-01-30 13:37:13, schrieb Jan Minar: Michelle, can You cite the Message-Id's and/or URLs to the archive, please? Unfortunatly not (my postgresql is curently down) but I think, it was between April and June last year. Maybe after the last BUGfix in 2.4.18 Thanks. Now Debian rocks, doesn't it? Kudos to the DST, as usually... :-) Greetings Michelle -- Linux-User #280138 with the Linux Counter, http://counter.li.org/ Michelle Konzack Apt. 917 ICQ #328449886 50, rue de Soultz MSM LinuxMichi 0033/3/8845235667100 Strasbourg/France IRC #Debian (irc.icq.com) signature.pgp Description: Digital signature
Re: {Spam?} Re: {Spam?} Re: woody kernel image
Am 2005-01-30 16:02:23, schrieb Sam Morris: Sam Morris wrote: Wow, I missed that! Should not the kernel-image-2.4.28-* packages be ^ should be 2.4.18, sorry :) :-) Generaly there is no reason to remove 2.4.18. But I think, there is a need to a note about Servers like http://www.backports.org/ where they can get newer Kernels. Greetings Michelle -- Linux-User #280138 with the Linux Counter, http://counter.li.org/ Michelle Konzack Apt. 917 ICQ #328449886 50, rue de Soultz MSM LinuxMichi 0033/3/8845235667100 Strasbourg/France IRC #Debian (irc.icq.com) signature.pgp Description: Digital signature
Re: woody kernel image
* Michelle Konzack [EMAIL PROTECTED] [050130 17:45]: Michelle, can You cite the Message-Id's and/or URLs to the archive, please? Unfortunatly not (my postgresql is curently down) but I think, it was between April and June last year. Maybe after the last BUGfix in 2.4.18 Michelle, Michelle, Michelle... how does it come, that every time, you're telling such a story and are requested for some proof, one of your services is down, you cite completly unrelated URLs or you don't answer at all? Yours sincerely, Alexander -- http://learn.to/quote/ http://www.catb.org/~esr/faqs/smart-questions.html signature.asc Description: Digital signature
Re: woody kernel image
Am 2005-01-30 19:17:25, schrieb Alexander Schmehl: how does it come, that every time, you're telling such a story and are requested for some proof, one of your services is down, you cite completly unrelated URLs or you don't answer at all? Why not go to http://lists.debian.org/ and search for it ? Curently I have only my console on my FileServer and no workstation. Yours sincerely, Alexander Greetings Michelle -- Linux-User #280138 with the Linux Counter, http://counter.li.org/ Michelle Konzack Apt. 917 ICQ #328449886 50, rue de Soultz MSM LinuxMichi 0033/3/8845235667100 Strasbourg/France IRC #Debian (irc.icq.com) signature.pgp Description: Digital signature
Re: woody kernel image
On Sun, Jan 30, 2005 at 08:29:02PM +0100, Michelle Konzack wrote: Am 2005-01-30 19:17:25, schrieb Alexander Schmehl: how does it come, that every time, you're telling such a story and are requested for some proof, one of your services is down, you cite completly unrelated URLs or you don't answer at all? Why not go to http://lists.debian.org/ and search for it ? Because, darling, we already have done that, with no satisfactory results, and a member of the DST just have said something which is quite contradictory to Your claims. Yours, -- )^o-o^|jabber: [EMAIL PROTECTED] | .v Ke-mail: jjminar FastMail FM ` - .' phone: +44(0)7981 738 696 \ __/Jan icq: 345 355 493 __|o|__Min irc: [EMAIL PROTECTED] pgpy0swCLOp8b.pgp Description: PGP signature
Re: woody kernel image
Am 2005-01-30 19:43:49, schrieb Jan Minar: Because, darling, we already have done that, with no satisfactory results, and a member of the DST just have said something which is quite I am not police (DST) :-) but military. contradictory to Your claims. Yours, Greetings Michelle -- Linux-User #280138 with the Linux Counter, http://counter.li.org/ Michelle Konzack Apt. 917 ICQ #328449886 50, rue de Soultz MSM LinuxMichi 0033/3/8845235667100 Strasbourg/France IRC #Debian (irc.icq.com) signature.pgp Description: Digital signature
[OT] tales (was: woody kernel image)
Hi! * Michelle Konzack [EMAIL PROTECTED] [050130 20:29]: how does it come, that every time, you're telling such a story and are requested for some proof, one of your services is down, you cite completly unrelated URLs or you don't answer at all? Why not go to http://lists.debian.org/ and search for it ? May I add this as an other case of MK makes statements which she can't proofe to my list? Making a statement, and telling others to proof it for themself doesn't make your argument look very good. But anyway, I'm subscribed to both lists, and all I can say is: Been there, done that, got no shirt. So until I'm showed otherwise, I'm convident, that there is no mail to debian-devel or debian-kernel, stating that support for the 2.4.18* kernels in the current stable release has been dropped. And beside that, Joeys, forwarded to this list by Jan Minar a couple of hours ago (id: [EMAIL PROTECTED]) proofes, that you are wrong. Yours sincerely, Alexander PS: I'm still waiting for proofs of other statements you made for example in the -user-german list, like Google runs 10 Debian servers or DDs develop only Debian software, Maintainers maintain packages and some others. PPS: Are you aware that there are guys out there, thinking of collecting all your contraticting, unproofen or proofen wrong statements to a Michelle Konzack-FAQ? Luckily for you no one has the time for this sisyphos job. -- http://learn.to/quote/ http://www.catb.org/~esr/faqs/smart-questions.html signature.asc Description: Digital signature
Re: {Spam?} Re: woody kernel image
* Michelle Konzack wrote: There will be no new version of 2.4.XX Wrong. Message-ID: [EMAIL PROTECTED] Norbert -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: [OT] tales (was: woody kernel image)
Greetings, Am Sonntag, 30. Januar 2005 21:14 schrieb Alexander Schmehl: Hi! * Michelle Konzack [EMAIL PROTECTED] [050130 20:29]: how does it come, that every time, you're telling such a story and are requested for some proof, one of your services is down, you cite completly unrelated URLs or you don't answer at all? Why not go to http://lists.debian.org/ and search for it ? May I add this as an other case of MK makes statements which she can't proofe to my list? Making a statement, and telling others to proof it for themself doesn't make your argument look very good. But anyway, I'm subscribed to both lists, and all I can say is: Been there, done that, got no shirt. So until I'm showed otherwise, I'm convident, that there is no mail to debian-devel or debian-kernel, stating that support for the 2.4.18* kernels in the current stable release has been dropped. And beside that, Joeys, forwarded to this list by Jan Minar a couple of hours ago (id: [EMAIL PROTECTED]) proofes, that you are wrong. Don't take it down personal. Jugding about DSA's I've seen, there is currently _no_ security-support for 2.4.18. For reasons I don't know, for thinks, I don't understand, important patches seem to be missing. If you have information about the status of sec-sup in 2.4.18 please let us know. Keep smiling yanosz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: woody kernel image
Paul Hink [EMAIL PROTECTED] wrote: Michelle Konzack [EMAIL PROTECTED] wrote: Am 2005-01-29 22:56:39, schrieb [EMAIL PROTECTED]: Where is it posted that the dropped support for 2.4.18? It was on debian-devel and debian-kernel Both of which are lists mainly intended for developers and experienced users according to http://lists.debian.org/. They told, there are too much kernels to maintain and droped 2.4.(18-22) They sugested to use one of the Backports. And of course this is nothing to inform the ordinary users about, is it? Just to make sure that there are no misunderstandings: I would be really sorry if the information I based my statements upon turned out to be wrong. I completely relied upon the correctness of the mails here in this thread and did not find it neccessary to search the archives myself. Sorry, this might have been a mistake. Paul -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: [OT] tales (was: woody kernel image)
Am 2005-01-30 22:13:08, schrieb Jan Lühr: Greetings, Don't take it down personal. Jugding about DSA's I've seen, there is currently _no_ security-support for 2.4.18. For reasons I don't know, for thinks, I don't understand, important patches seem to be missing. If you have information about the status of sec-sup in 2.4.18 please let us know. And what about the bootfloppies ? In 2002 Eduard Block told us on a Mailinglist (debian-user-german) he will update it, but it was never done... (reason unknown) Now 3 years later, we have the first build full of bugs. There is no warning message, that the 2.4.18-bf24 should be immediatly updated because this security problem... I have found many installations running since years bf24. Keep smiling yanosz Greetings Michelle -- Linux-User #280138 with the Linux Counter, http://counter.li.org/ Michelle Konzack Apt. 917 ICQ #328449886 50, rue de Soultz MSM LinuxMichi 0033/3/8845235667100 Strasbourg/France IRC #Debian (irc.icq.com) signature.pgp Description: Digital signature
Re: [OT] tales (was: woody kernel image)
* Jan Lühr [EMAIL PROTECTED] [050130 22:13]: Don't take it down personal. Jugding about DSA's I've seen, there is currently _no_ security-support for 2.4.18. I didn't made any statement about security support of 2.4.18. All I said was, that MK can't proof her own statement, that I can't a find a proof of it, and that we have a hint, contradicting her statement. For reasons I don't know, for thinks, I don't understand, important patches seem to be missing. If you have information about the status of sec-sup in 2.4.18 please let us know. Did you read the mail from Joey Schulze forwarded by Jan Minar a couple of hours ago to this list? Security support for 2.4.18 kernels has not been dropped. It isn't nice, that the kernel-packages has not been upgraded, yet. But I'm sure, that the Security Team will gladly accept your help, if you send them working and tested patches. Keep smiling yanosz :) Yours sincerely, Alexander -- http://learn.to/quote/ http://www.catb.org/~esr/faqs/smart-questions.html signature.asc Description: Digital signature
Re: woody kernel image
Hi! * Paul Hink [EMAIL PROTECTED] [050130 21:57]: They told, there are too much kernels to maintain and droped 2.4.(18-22) They sugested to use one of the Backports. And of course this is nothing to inform the ordinary users about, is it? Just to make sure that there are no misunderstandings: I would be really sorry if the information I based my statements upon turned out to be wrong. There is nothing to be sorry about on your side. I completely relied upon the correctness of the mails here in this thread and did not find it neccessary to search the archives myself. Sorry, this might have been a mistake. In general there is no reason to doubt about information in this list. And I could fully understand your rage (picked that word from dictionary, not sure if it is the correct one), if the information it was based on, was true. (if this mail sounds a bit snooty, I need to apologize, too. it was not intended as beeing so ;) Yours sincerely, Alexander -- http://learn.to/quote/ http://www.catb.org/~esr/faqs/smart-questions.html signature.asc Description: Digital signature
Re: [OT] tales (was: woody kernel image)
Greetings, Am Sonntag, 30. Januar 2005 22:46 schrieb Alexander Schmehl: * Jan Lühr [EMAIL PROTECTED] [050130 22:13]: Don't take it down personal. Jugding about DSA's I've seen, there is currently _no_ security-support for 2.4.18. I didn't made any statement about security support of 2.4.18. All I said was, that MK can't proof her own statement, that I can't a find a proof of it, and that we have a hint, contradicting her statement. yeah, yeah, yeah, please stop this flamewar. For reasons I don't know, for thinks, I don't understand, important patches seem to be missing. If you have information about the status of sec-sup in 2.4.18 please let us know. Did you read the mail from Joey Schulze forwarded by Jan Minar a couple of hours ago to this list? Security support for 2.4.18 kernels has not been dropped. It isn't nice, that the kernel-packages has not been upgraded, yet. But I'm sure, that the Security Team will gladly accept your help, if you send them working and tested patches. ACK, support hasn't been dropped officialy and Joey is doing a good job patching 2.4.27 - and I'm the last one complaining about not riding dead horses like old stable packages, as soon as packages can be backported from sid easily. (In other situtations - no I won't mention the m* word it is different). However, Imho users should be warned, that using woody is a security risk. Keep smiling yanosz
Re: woody kernel image
On Sun, Jan 30, 2005 at 05:08:14PM +, Sam Morris wrote: Michelle Konzack wrote: Generaly there is no reason to remove 2.4.18. But I think, there is a need to a note about Servers like http://www.backports.org/ where they can get newer Kernels. Well it seems sensible to remove such unmaintained packages from the archive. It will prevent people from installing, kernel-image-2.4.18-something and assuming that, since it is in the stable distribution, it will recieve security updates like any other package. Which is what I was assuming when I presented the idea of running Debian over other distributions to my employer. I thought that Debian Security covered all packages, especially the kernel, and items in the Debian main archive. If the packages are not to be removed, then there should definatly be a big flashing red warning in the install and reference manuals saying Do not use kernel-image-2.4.18-* packages! They contain security flaws! :) I would have liked to have seen this... somewhere... perhaps on the Debian Security web site, as I do not subscribe to all of the Debian mailing lists and probably missed the one message stating the security support did not exist for the 2.4.18 kernel. I currently run Sarge on a few machines, but as I understand Debian policy, Sarge does not receive security updates. The only security updates I can expect are for Woody, so this makes Sarge unreliable for a production environment. I guess this is a good time for me to try to see if I can help the Debian Security Folks out if they need it. Sincerely, --Shawn -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: woody kernel image
Hi ! You are right, but why is the kernel image from woody not up-to date ? A simple 'apt-get update apt-get upgrade' will not help. Is is not better to remove the kernel image from woody and take the kernel image 2.4.27 ( I know , it is a version update). A lot of people use only the kernel image from woody and that is currently not so good. Make it sense to write a DSA to use other kernel images ? (e.g. Kernel from backport.org) My solution was to take 2.4.29 (self made), but I think, we have a lot of unfixed woody machines around the world. Nice greetings, Harald Xavier Sudre wrote: On Friday 28 January 2005 at 23:51, Michelle Konzack wrote: Am 2005-01-28 21:25:55, schrieb Harald Krammer: hi ! I have running some debian/woody machines with kernel 2.4.18. I saw the last security fix was DSA-479-1 ( long ago) - is it better to switch to 2.4.29 or exits new kernels with all security pachtes ? AFAIK 2.4.27 from http://www.backports.org/ has it fixed. Ist there realy a Debian kernel-source-2.4.2{8,9} ? nice greetings, harald In my point of view, if you really want to have a secured kernel, you should install the latest available kernel from sources (today 2.4.29) and apply grsecurity patches. Subscribe to the kernel mailling list and whenever there is a new kernel simply follow the above instructions again. There are a number of security flaws around the kernel that people know as beeing unpatched as of today (See grsecurity list archives). Moreover using a packaged kernel usually enables features that can be exploited to gain higher privileges (i.e. kernel module loader enabled) and disabling these features might be the first step in securing the kernel. The kernel being the most important component in the system, it is the one that should be secured the most and the fastest as possible. Therefore a manual installation and patching seems to me as being the solution here. Xavier. -- Harald Krammer Brucknerstrasse 33 A - 4020 Linz AUSTRIA Mobil +43.(0) 664. 130 59 58 Mail: [EMAIL PROTECTED] Please avoid sending me Word or PowerPoint attachments. See http://www.fsf.org/philosophy/no-word-attachments.html -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: woody kernel image
Greetings, Am Freitag, 28. Januar 2005 21:25 schrieb Harald Krammer: hi ! I have running some debian/woody machines with kernel 2.4.18. blocked@blocked:~$ cat /proc/version Linux version 2.4.18-1-k7 ([EMAIL PROTECTED]) (gcc version 2.95.4 20011002 (Debian prerelease)) #1 Wed Apr 14 19:20:42 UTC 2004 I saw the last security fix was DSA-479-1 ( long ago) - is it better to switch to 2.4.29 or exits new kernels with all security pachtes ? Kernel 2.4.18 seems to have left the planet due to extraterrestrial commitments. Please use sid's kernel packages instead. Keep smiling yanosz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: woody kernel image
Am 2005-01-29 14:45:37, schrieb Harald Krammer: Hi ! You are right, but why is the kernel image from woody not up-to date ? There are Security Updates for kernel 2.4.18 A simple 'apt-get update apt-get upgrade' will not help. Is is not better to remove the kernel image from woody and take the kernel image 2.4.27 ( I know , it is a version update). A lot of people use only the kernel image from woody and that is currently not so good. Make it sense to write a DSA to use other kernel images ? (e.g. Kernel from backport.org) I am using 2.4.27 from http://www.backports.org/ and they are very fine. Never had problems with it. I think, this must be a little bit promoted... My solution was to take 2.4.29 (self made), but I think, we have a lot of unfixed woody machines around the world. :-/ Nice greetings, Harald Greetings Michelle -- Linux-User #280138 with the Linux Counter, http://counter.li.org/ Michelle Konzack Apt. 917 ICQ #328449886 50, rue de Soultz MSM LinuxMichi 0033/3/8845235667100 Strasbourg/France IRC #Debian (irc.icq.com) signature.pgp Description: Digital signature
Re: woody kernel image
In article [EMAIL PROTECTED] you wrote: There are Security Updates for kernel 2.4.18 The last update for kernel-source-2.4.18 in stable was in April 2004. BTW: I wonder why http://packages.qa.debian.org/k/kernel-source-2.4.18.html contains the latest version 2.4.18-14.3 but no entry in the latest news for it. Greetings Bernd -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: woody kernel image
On Sat, Jan 29, 2005 at 07:12:21PM -0800, peace bwitchu wrote: This has been bothering me as well. They dropped support for kernel 2.4.18 when Herbert Xu left but I don't remember seeing any notification of this. I roll my own but how many boxes out there havn't been patched because they didn't know? I had no idea this had happened. I wish I knew. I have a machine running a Debian Woody webserver on 2.4.18 right now which is exposed to the Internet. Granted, apache is in a chroot jail and I have iptables blocking all ports but 80 and 22, but still, I would have liked to have known that 2.4.18 was not being maintained. This should be posted somewhere easy to find so that folks know. Where is it posted that the dropped support for 2.4.18? --Shawn -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
woody kernel image
hi ! I have running some debian/woody machines with kernel 2.4.18. blocked@blocked:~$ cat /proc/version Linux version 2.4.18-1-k7 ([EMAIL PROTECTED]) (gcc version 2.95.4 20011002 (Debian prerelease)) #1 Wed Apr 14 19:20:42 UTC 2004 I saw the last security fix was DSA-479-1 ( long ago) - is it better to switch to 2.4.29 or exits new kernels with all security pachtes ? nice greetings, harald -- Harald Krammer Brucknerstrasse 33 A - 4020 Linz AUSTRIA Mobil +43.(0) 664. 130 59 58 Mail: [EMAIL PROTECTED] Please avoid sending me Word or PowerPoint attachments. See http://www.fsf.org/philosophy/no-word-attachments.html -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: woody kernel image
Am 2005-01-28 21:25:55, schrieb Harald Krammer: hi ! I have running some debian/woody machines with kernel 2.4.18. I saw the last security fix was DSA-479-1 ( long ago) - is it better to switch to 2.4.29 or exits new kernels with all security pachtes ? AFAIK 2.4.27 from http://www.backports.org/ has it fixed. Ist there realy a Debian kernel-source-2.4.2{8,9} ? nice greetings, harald Greetings Michelle -- Linux-User #280138 with the Linux Counter, http://counter.li.org/ Michelle Konzack Apt. 917 ICQ #328449886 50, rue de Soultz MSM LinuxMichi 0033/3/8845235667100 Strasbourg/France IRC #Debian (irc.icq.com) signature.pgp Description: Digital signature
Re: woody kernel image
On Friday 28 January 2005 at 23:51, Michelle Konzack wrote: Am 2005-01-28 21:25:55, schrieb Harald Krammer: hi ! I have running some debian/woody machines with kernel 2.4.18. I saw the last security fix was DSA-479-1 ( long ago) - is it better to switch to 2.4.29 or exits new kernels with all security pachtes ? AFAIK 2.4.27 from http://www.backports.org/ has it fixed. Ist there realy a Debian kernel-source-2.4.2{8,9} ? nice greetings, harald In my point of view, if you really want to have a secured kernel, you should install the latest available kernel from sources (today 2.4.29) and apply grsecurity patches. Subscribe to the kernel mailling list and whenever there is a new kernel simply follow the above instructions again. There are a number of security flaws around the kernel that people know as beeing unpatched as of today (See grsecurity list archives). Moreover using a packaged kernel usually enables features that can be exploited to gain higher privileges (i.e. kernel module loader enabled) and disabling these features might be the first step in securing the kernel. The kernel being the most important component in the system, it is the one that should be secured the most and the fastest as possible. Therefore a manual installation and patching seems to me as being the solution here. Xavier. -- Xavier Sudre Homepage: http://xavier.sudre.fr/ Email:[EMAIL PROTECTED] GPG key: http://xavier.sudre.fr/gpg/xavier.asc -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]