On Sat, May 28, 2005 at 01:39:54PM -0400, Selva Nair wrote: > Date: Sat, 28 May 2005 13:39:54 -0400 > From: Selva Nair <[EMAIL PROTECTED]> > Subject: Re: root compromise on debian woody > [snip]
> I was running debian 2.4.18-k7. Now I notice that there is another kernel > image available for k7 -- kernel-image-2.4.18-1.k7. Just installed that one > and > the exploit doesn't work on it. So was I running an unsafe kernel? http://packages.debian.org shows kernel-image-2.4.18-1-k7 as [security]. Updates from security team went to that package, not to 2.4.18-k7. I don't know really how Debian's kernel versioning works, but IIRC in Sarge there was kernel-image-2.4.27-1-686 and now there's kernel-image-2.4.27-2-686 > > apt-show-versions show > > kernel-image-2.4.18-k7/stable uptodate 2.4.18-5 > kernel-image-2.4.18-1-k7/stable uptodate 2.4.18-13.1 > > The timestamp on vmlinuz-2.4.18-k7 is Apr 14 2002 (pretty old) while > the 2.4.18-1-k7 > is Apr 14 2004.Why is this 2.4.18-k7 kernel so old and buggy and still > stated to be uptodate? It is up-to-date in terms of package versions, so there're no newer kernel-image-2.4.18-k7 packages. [snip] Best wishes -- Alexei Chetroi Smile... Tomorrow will be worse. (c) Murphy's Law -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
