Greetings,

On Wednesday, 12 January 2005 20:32, Joey Hess wrote:
> Jan Lühr wrote:
> > things seem to be in a rush right now, and I'm looking for a little
> > overview. In the past 1-2 months several kernel exploits rushed through
> > the news that might / can / probably will affect Debian stable. However,
> > I haven't seen any single DSA regarding the following issues: Can you
> > please give me an overview: Which problems affect
> > kernel-source-2.4.18? - If so, what is the current status of the
> > according DSA?
>
> I'm afraid that I can only tell you the status of 2.6.8 and 2.4.27 in
> unstable/testing. AFAIK there have not been DSAs for any of these to fix
> stable, and I don't know which ones really affect stable. Probably most of
> them.
>
> Some of the information below may be incorrect, the kernel team knows
> better than I.
> (...)

Interesting and helpful information not quoted for better reading.

> A few others you left out:

Thanks for your help, the topic is quite widespread, and I'm a part-time network administrator. Do you recommend to use kernel-source-2.4.27 from sid (sarge) instead of 2.4.18 from woody?

> CAN-2004-1337
>
> Apparently only affects 2.6, we're not very vulnerable since the
> module is loaded by the initrd. Not yet fixed.
> CAN-2004-1335
>
> Fixed in kernel-source-2.6.8. 2.4 is not fixed.
>
> CAN-2004-1234
>
> Does not affect sarge since we have a kernel > 2.4.25.
>
> CAN-2004-1191
>
> Should not affect our 2.4 kernel since it was fixed in 2.4.27.
> Probably our 2.6.8 kernel is vulnerable.
>
> CAN-2004-1190
>
> Could be SuSE specific, unclear and not enough info.
>
> CAN-2004-1151
>
> My notes indicate that this was fixed in svn at some point, but
> I can't find the fix now.
>
> CAN-2004-1144
>
> Amd64 specific, don't know if we're vulnerable.
>
> CAN-2004-1074
>
> Fixed in kernel-source-2.6.8 2.6.8-11, kernel-source-2.4.27
> 2.4.27-7, and the binary packages built from them.
>
> CAN-2004-1073
> CAN-2004-1072
> CAN-2004-1071
> CAN-2004-1070
>
> 2.6.8 and 2.4.27 are not vulnerable to these.
>
> CAN-2004-1069
>
> Only affects 2.6. Fixed in kernel-source-2.6.8 2.6.8-11.
>
> CAN-2004-1068
>
> Fixed in kernel-source-2.4.27 2.4.27-7, kernel-source-2.6.8 2.6.8-11.
>
> CAN-2004-1058
>
> AFAIK it's unfixed.
>
> CAN-2004-1056
>
> Fixed in kernel-source-2.4.27 2.4.27-8 (not yet released),
> kernel-source-2.6.8 2.6.8-11.
>
> CAN-2004-1017
>
> Unknown.
>
> CAN-2004-1016
>
> Fixed in kernel-image-2.4.27-i386 2.4.27-7.
>
> CAN-2004-0949
>
> Fixed in 2.4.27, but 2.6.8 may still be vulnerable.
>
> CAN-2004-0887
>
> s390 specific. Fixed in linux-kernel-image-2.6.8-s390 2.6.8-3,
> kernel-source-2.6.8 2.6.8-10
>
> CAN-2004-0883
>
> Unknown.
>
> CAN-2004-0814
>
> Fixed in kernel-source-2.6.8 2.6.8-8, kernel-source-2.4.27 2.4.27-7
>
> CAN-2004-0813
>
> Fixed in recent 2.6 and 2.4 kernels.
>
> CAN-2004-0685
>
> Unknown.
>
> CAN-2004-0596
>
> Unknown.
>
> CAN-2003-0465
>
> May be unfixed in our 2.4.27 kernel on some arches (bug #280492)
> i386 and ppc32 are ok.
> 2.6 fixed.

Thanks for your help. I'll look for information on this tomorrow. Is all information available, (as far as I need 'em to check whether it concerns me) or is it kept under disclosure?

Keep smiling
yanosz