|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [discuss] Re: MDKSA-2003:110 - Updated kernel packages fix vulnerability
From: Buchan Milne (bgmilne
cae.co.za)
Date: Thu Dec 04 2003 - 03:46:23 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Bob PuffNLE wrote:
> No, not shame on them when the auto update scripts don't show or install
> the kernel. I had to do a bit of digging to find the instructions on
> doing this a while back, and unless something has radically changed that
> I haven't seen, the same thing applies - you have to find the docs, wget
> the file manually, etc etc...
No, you can use urpmi.
# urpmi kernel
may work, then again it may not ...
> What was the reason again that this
> wasn't done by mandrake update??
Too many people would wipe out their running kernel, so the kernel
packages have a name of %{name}-%{version} (instead of just %{name}), so
'rpm -Uvh kernel*.rpm' won't remove the previous kernel any more.
http://www.mandrakesecure.net/en/kernelupdate.php
Vince, it would be nice though to note that users running 9.2 should be
running the latest update kernel, since the two previous kernels weren't
security advisories (in fact, I don't see one for the 2.4.22-18mdk
kernel which IIRC only fixed ACPI on the NForce2 motherboards, and the
2.4.22-21mdk advisory is an MDKA, not MDKSA, and the descriptions file
lists it as a bugfix, not security). Additionally, users who *do* want
packet writing, but don't have LG devices, and don't have NForce2
boards, currently have no motivation to upgrade from 2.4.22-10mdk.
The text of the current advisory also says:
"The Mandrake Linux 9.2 kernels are not vulnerable to this problem as
the fix for it is already present in those kernels."
This is also misleading, since at least one kernel for 9.2 is vulnerable.
Maybe a revised advisory for 2.4.22-21mdk, clarifying which kernels are
not vulnerable?
Regards,
Buchan
- --
|--------------Another happy Mandrake Club member--------------|
Buchan Milne Mechanical Engineer, Network Manager
Cellphone * Work +27 82 472 2231 * +27 21 8828820x202
Stellenbosch Automotive Engineering http://www.cae.co.za
GPG Key http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQE/zwJurJK6UGDSBKcRAmXlAJ416zaFGuxyo2X4ErJv0hDLmurRFQCgp4w3
a3XbySBn5WugBQeSLlSiYWM=
=xihO
-----END PGP SIGNATURE-----
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]