Re: [SECURITY] [DSA 1378-1] New Linux 2.6.18 packages fix several vulnerabilities

On Friday 28 September 2007 07:45, Johannes Wiedersich wrote: > Holger Levsen wrote: > > Hi, > > > > On Friday 28 September 2007 11:18, Jan Wagner wrote: > >>> Running postinst hook script /sbin/update-grub. > >>> You shouldn't call /sbin/update-grub. Please call /usr/sbin/update-grub > >>> instead

Re: [SECURITY] [DSA 1378-1] New Linux 2.6.18 packages fix several vulnerabilities

Hi, On Friday 28 September 2007 14:45, Johannes Wiedersich wrote: > IIRC, this should apply only to upgrades from sarge. It's covered in > Etch's release notes [1]. I stand corrected, thanks for pointing this out. > [1] > http://www.de.debian.org/releases/stable/i386/release-notes/ch-upgrading.e

Re: [SECURITY] [DSA 1378-1] New Linux 2.6.18 packages fix several vulnerabilities

Hi, On Friday 28 September 2007 14:32, Marcin Owsiany wrote: > It's just a warning, so not _that_ bad... Not that bad, but everytime I see it, I think "bad QA", which is bad. regards, Holger pgp2YO9Lmyjk8.pgp Description: PGP signature

Re: [SECURITY] [DSA 1378-1] New Linux 2.6.18 packages fix several vulnerabilities

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Holger Levsen wrote: > Hi, > > On Friday 28 September 2007 11:18, Jan Wagner wrote: >>> Running postinst hook script /sbin/update-grub. >>> You shouldn't call /sbin/update-grub. Please call /usr/sbin/update-grub >>> instead! >> you need to modify /etc

Re: [SECURITY] [DSA 1378-1] New Linux 2.6.18 packages fix several vulnerabilities

On Fri, Sep 28, 2007 at 01:10:10PM +0200, Holger Levsen wrote: > Hi, > > On Friday 28 September 2007 11:18, Jan Wagner wrote: > > > Running postinst hook script /sbin/update-grub. > > > You shouldn't call /sbin/update-grub. Please call /usr/sbin/update-grub > > > instead! > > you need to modify /e

Re: [SECURITY] [DSA 1378-1] New Linux 2.6.18 packages fix several vulnerabilities

Hi, On Friday 28 September 2007 11:18, Jan Wagner wrote: > > Running postinst hook script /sbin/update-grub. > > You shouldn't call /sbin/update-grub. Please call /usr/sbin/update-grub > > instead! > you need to modify /etc/kernel-img.conf! I believe this happens with a freshly installed etch sys

Re: [SECURITY] [DSA 1378-1] New Linux 2.6.18 packages fix several vulnerabilities

Hi, On Friday 28 September 2007 10:04, G.W. Haywood wrote: > Running postinst hook script /sbin/update-grub. > You shouldn't call /sbin/update-grub. Please call /usr/sbin/update-grub > instead! you need to modify /etc/kernel-img.conf! With kind regards, Jan. -- Never write mail to <[EMAIL PROTE

Re: [SECURITY] [DSA 1378-1] New Linux 2.6.18 packages fix several vulnerabilities

Hi there, On Thu, 27 Sep 2007, dann frazier wrote: > - -- > Debian Security Advisory DSA 1378-1[EMAIL PROTECTED] > http://www.debian.org/security/ Dann Frazier > September 27t

Re: [SECURITY] [DSA 1378-1] New Linux 2.6.18 packages fix several vulnerabilities

Apologies if this has already been posted, but: For CVE-2007-4573 - The proof of concept code posted by Robert Swiecki on the bugtraq list [1] still works as a local root exploit for the Xen kernels on AMD64 in the updated packages: linux-image-2.6.18-5-xen-vserver-amd64_2.6.18.dfsg.1-13etch3