Debian attacker may have used new exploit

Henry Spencer henry-lqW1N6Cllo0sV2N9l4h3zg at public.gmane.org
Tue Dec 2 16:38:19 UTC 2003


On Tue, 2 Dec 2003, JoeHill wrote:
> "This bug has been fixed in kernel version 2.4.23 for the 2.4 tree and
> 2.6.0-test6 kernel tree. For Debian it has been fixed in version
> 2.4.18-12 of the kernel source packages, version 2.4.18-14 of the i386
> kernel images and version 2.4.18-11 of the alpha kernel images."
> ...
> What confuses me, is that my default install of MDK 9.2 shows kernel version:
> 2.4.22-10
> But MDK says 9.2 is safe.

Note the "-10" on the end.  That is not a stock 2.4.22; it is their
modified version of it.  I don't know enough about Mandrake to say for
sure about them, but this sort of thing often means that they've got their
own package of favorite kernel mods and need a while to integrate it into
a new kernel release, so the quickest way to respond to a problem is to
manually put the fix for it into their current kernel, rather than
instantly switching to the new kernel. 

                                                          Henry Spencer
                                                       henry-lqW1N6Cllo0sV2N9l4h3zg at public.gmane.org


--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml





More information about the Legacy mailing list