|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [discuss] Re: MDKSA-2003:110 - Updated kernel packages fix vulnerability
From: John C. Danielson (jdii1215
johndanielsonii.com)
Date: Thu Dec 04 2003 - 17:53:02 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Vincent Danen wrote:
>
> On Dec 03, 2003, at 18:44, John C. Danielson wrote:
>
>>> FWIW, I just tested this in vmware against 22mdk (currently) in
>>> updates and no problems.
>>>
>>> With 10mdk, I did manage to crash the vm.
>>>
>>> Take this as a reminder to keep up to date on updates.
>>
>>
>> Vince, this is not a per se vuln discussion, but it might be pertinent:
>>
>> I got 9.2 via BitTorrent. I got kernel 2.4.22-10mdk set. To my box,
>> 2.4.22-21 never appeared in the Mandrake Update portion of software
>> management in Mandrake Control Center. I run THREE update sources,
>> RedBox, the source in se, and a more local one. However, 2.4.22-21
>> appeared in the Software Installer, along with most of the parts of
>> KDe that did not appear in the Mandrake Updates section.
>
>
> This is why people should subscribe to the announce mailing list or
> some other means of obtaining information about new advisories beyond
> just MandrakeUpdate.
>
> Kernels are different. They don't install "automagically" like
> everything else does (although if you "urpmi kernel" you'll get to
> pick what you want, but --auto-select doesn't work with kernels).
>
>> My understanding from reading the post of the SA was that 2.4.22-22
>> applied to 9.1 and down. IF this was based on the usage of Mandrake
>> Update module, then the kernel packs never showed for 2.4.22-21 at
>> all there. Furthermore, trying to install 2.4.22-21 gets the
>> following bad sig reports on:
>>
>> ...22-21mdk1-1 for Secure and SMP and the 2.422-21 SOURCE from the
>> Software Installation module with an appended (could not open file)
>> after the bad sig. So, what do I do about installing it??? Or do I???
>> :-(
>>
>> Sent on Dec 4, 2003 at 01:43:34 GMT\Zulu\UDT. NEVER seen this from a
>> Mandrake mirror, bad sigs on kernel set parts. HELP!
>
>
> I really didn't follow any of this. If you get an invalid sig on any
> update, try from another mirror first.
>
> ---
> MandrakeSoft Security; http://www.mandrakesecure.net/
> Online Security Resource Book; http://linsec.ca/
> "lynx -source http://linsec.ca/vdanen.asc | gpg --import"
> {FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD}
4 mirrors, same errors.
John.
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]