On Tuesday 09 December 2003 9:08 pm, Andreas Janssen wrote: > Hello > > Geoff Thurman (<[EMAIL PROTECTED]>) wrote: > > Is it possible for the unwitting to install a kernel-image > > downloaded from official debian sources that hasn't been patched > > for the recent exploit, or can all the currently downloadable > > images (and kernel source packages too, for that matter) be taken > > to be safe from it? I've > > switched to woody, and have today installed image-2-4-18-k6 #1, > > dated Apr 14 2002. Clearly the date suggests no patch has been > > applied, so is this kernel vulnerable to the exploit, please, or > > does it not arise in this branch? > > Your Kernel is vulnerable. When the ptrace bug was fixed, the > packages became incompatible to modules compiled for older versions, > and they were renamed. Install kernel-image-2.4.18-1-k6 from > security.debian.org. The current version from ftp.debian.org (Woody > r2) does /not/ fix all vulnerabilities (I even think it is still the > same one as in Woody r1 because newer packages were rejected from r2 > for some reasons). > > best regards > Andreas Janssen
Sheesh. Thank you. The new one is downloading now. Cheers, Geoff -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
