Robert S wrote: > I am running debian with kernel 2.4.27. I see that the kernel-source > package is listed in the security vulnerabilities (DSA-1097). I do a > weekly "apt-get update && apt-get upgrade" but have not been prompted to > upgrade my > kernel. I am using kernel-image-2.4-k6. > > Do I need to upgrade my kernel image and if so, what is the correct way of > doing this?
Do you use stable or testing? If you take a look at http://www.debian.org/security/2006/dsa-1097 you can see that you need at least 2.4.27-10sarge3 for IA-32 architecture. When you run apt-cache policy kernel-image-2.4.27-2-k6 you should get something like this (not exactly, because I have here testing): kernel-image-2.4.27-2-k6: Installed: (none) Candidate: 2.4.27-12 Version table: 2.4.27-12 0 300 http://debian.lcs.mit.edu unstable/main Packages 700 http://debian.lcs.mit.edu testing/main Packages 2.4.27-10sarge1 0 500 http://security.debian.org sarge/updates/main Packages Which means that if you have stable and security updates configured properly, then you should have 2.4.27-10sarge1 . Chmmm, so there is apparently some problem with that system. Nevertheless, security report itself mentions source of the patched kernel as (on one line): http://security.debian.org/pool/updates/main/k/kernel-image-2.4.27-i386\ /kernel-image-2.4.27-3-k6_2.4.27-10sarge3_i386.deb If you download this package (with wget or curl -O prepended to URL) you can install it (as a root) with dpkg -i kernel-image-2.4.27-3-k6_2.4.27-10sarge3_i386.deb I am Cc:-ing this to the security team and hopefully we'll get some reaction from them about apparently broken apt-get lists. Best, Matěj -- GPG Finger: 89EF 4BC6 288A BF43 1BAB 25C3 E09F EF25 D964 84AC http://www.ceplovi.cz/matej/blog/, Jabber: [EMAIL PROTECTED] 23 Marion St. #3, (617) 876-1259, ICQ 132822213 That distinction is reflected in the apocryphal remark made by a French diplomat to his British counterpart: "This is all very well in practice, but will it work in theory?". -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
