Re: root compromise on debian woody

• Previous message: Rogério Brito: "Re: Slow Firefox performance scrolling macslash.org"
• In reply to: Selva Nair: "Re: root compromise on debian woody"
• Next in thread: Phil Dyer: "Re: root compromise on debian woody"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date: Mon, 30 May 2005 10:00:10 +0300
To: debian-user@lists.debian.org

On Sat, May 28, 2005 at 01:39:54PM -0400, Selva Nair wrote:
> Date: Sat, 28 May 2005 13:39:54 -0400
> From: Selva Nair <selva.nair@gmail.com>
> Subject: Re: root compromise on debian woody
>
 [snip]

> I was running debian 2.4.18-k7. Now I notice that there is another kernel
> image available for k7 -- kernel-image-2.4.18-1.k7. Just installed that one and
> the exploit doesn't work on it. So was I running an unsafe kernel?
http://packages.debian.org shows kernel-image-2.4.18-1-k7 as [security]. Updates
from security team went to that package, not to 2.4.18-k7. I don't know
really how Debian's kernel versioning works, but IIRC in Sarge there
was kernel-image-2.4.27-1-686 and now there's kernel-image-2.4.27-2-686

>
> apt-show-versions show
>
> kernel-image-2.4.18-k7/stable uptodate 2.4.18-5
> kernel-image-2.4.18-1-k7/stable uptodate 2.4.18-13.1
>
> The timestamp on vmlinuz-2.4.18-k7 is Apr 14 2002 (pretty old) while
> the 2.4.18-1-k7
> is Apr 14 2004.Why is this 2.4.18-k7 kernel so old and buggy and still
> stated to be uptodate?
  It is up-to-date in terms of package versions, so there're no newer
kernel-image-2.4.18-k7 packages.

[snip]

  Best wishes

--
Alexei Chetroi
Smile... Tomorrow will be worse. (c) Murphy's Law
-- 
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

• Previous message: Rogério Brito: "Re: Slow Firefox performance scrolling macslash.org"
• In reply to: Selva Nair: "Re: root compromise on debian woody"
• Next in thread: Phil Dyer: "Re: root compromise on debian woody"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Relevant Pages Re: Workable encryption in Tcl?? ... > have not tried the package on the platform you intend to use it on. ... >thought the strong encryption in TclDES may preclude that. ... >not need to know how an engine works to drive a car. ... (comp.lang.tcl) Re: Cannot get JetDirect printer to work on FC3 ... > my FC3 machine): ... To build (after installing the src.rpm package) the xpp binary package ... -- "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." ... (linux.redhat) Re: Virtual box USB problems ... chmod'ing the nodes, it _will_ work at next boot, but it breaks again the ... next time your "initscripts" package is upgraded (because ... mountdevsubfs.sh is part of that package, ... (Ubuntu) Re: Q: What are *.la - files? ... I thought I knew reasonably well how linkers and ... > an RPM myself, and ended up with a package also lacking ... KDE packagers seem pretty ... (comp.os.linux.misc) Re: You Cant Spell "Stupid..." ... > UPS dropped a Dull server off for us. ... And making him fight UPS ... I have had packages just fail to show up and one package with the correct ... (alt.sysadmin.recovery)