From: Dick Gevers (dvgeversxs4all.nl)
Date: Fri Dec 05 2003 - 09:35:37 CST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello John,

On Fri, 05 Dec 2003 09:43:45 -0500, "John C. Danielson"
<jdii1215johndanielsonii.com> wrote about Re: [discuss] Re: MDKSA-2003:110
- - - Updated kernel packages fix vulnerability:

>Errors were identicalfrom
>Sweden\SUNET, RedBox in Checkoslovakia, secsup.org in US, and Stealthnet
>interlinking, for the three kernel files I brought into discussion.

With all due respect, your findings do sound convincing; yet I was doubting
that all servers would have corrupt files somehow.

So I just now downloaded:

kernel-secure-2.4.22.21mdk-1-1mdk.i586.rpm

with firebird from:

ftp://ftp.sunet.se/pub/Linux/distributions/mandrake/updates/9.2/RPMS/

and as per rpm there is nothing wrong with the file:

[rootdvg rpm]# rpm -Kv ker*
kernel-secure-2.4.22.21mdk-1-1mdk.i586.rpm:
    Header SHA1 digest: OK (20107c92c3c9004fabfb3a8932de426292714c04)
    MD5 digest: OK (f012fad930247b907adca110925eb13d)
    V3 DSA signature: OK, key ID 22458a98

For this reason, I am guessing that you still have to associate the key:
pub 1024D/22458A98 2000-07-10 Mandrake Linux Security Team
        <securitymandrakesoft.com>
uid Linux Mandrake Security Team <securitylinux-mandrake.com>
sub 1024g/6F3F9BC6 2000-07-10

via Software Media Manager --> Manage keys
with the relative Media repository.

Also, in case you shouldn`t have done so yet, please update popt* & rpm* to
the latest versions.

I don`t mean to offend if it happens to be otherwise; but I hope this helps.

Best regards,
=Dick Gevers=

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: Encryption is an envelope - the contents are private.

iD8DBQE/0KXIwC/zk+cxEdMRAiASAJ9IAhLa0slf9Dnrnne/m/hdq8/n0ACgoNpR
oxEq2QfbZba+PZYXJxCek98=
=na10
-----END PGP SIGNATURE-----

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]