Em Sábado, 15 de Julho de 2006 14:45, Matt Kraai escreveu: > On Fri, Jul 14, 2006 at 10:33:15PM +0100, Pedro Celestino dos Reis Rodrigues wrote: > > In secury advisory at http://www.debian.org/News/2006/20060713 the two > > ranges of kernel versions overlap. Transcription follows: > > > > It only exists in the Linux kernel 2.6.13 up to versions before 2.6.17.4, > > and 2.6.16 before 2.6.16.24. > > > > Is this correct? > > It matches what the CVE says. It sounds like it was fixed in both > 2.6.16.24 and 2.6.17.4, so versions between 2.6.13 and 2.6.23 > (inclusive) and versions between 2.6.17 and 2.6.17.3 (inclusive) are > vulnerable.
When you say 2.6.23 do you mean 2.6.16.23 ? The most recent version of the kernel is 2.6.17.6 (2006-07-15 19:17 UTC) so 2.6.23 makes not sense to me. And it seems that in the advisory page, where it is "If you run Linux 2.6.13 up to versions before 2.6.17.4, or Linux 2.6.16 up to versions before 2.6.16.24, please update your kernel immediately.", if it was "If you run Linux 2.6.17 up to versions before 2.6.17.4, or Linux 2.6.16 up to versions before 2.6.16.24, please update your kernel immediately." it will make more sense. Pedro -- _____________________________________________________________ Pedro Celestino dos Reis Rodrigues Departamento de Química e Bioquímica Faculdade de Ciências da Universidade de Lisboa Tel: 21750000-28619
