On Friday 14 July 2006 19:05, Török Edvin wrote: > On 7/14/06, Art Edwards <[EMAIL PROTECTED]> wrote: > > Thanks very much for this post. However, I am confused about > > Do you mean 2.6.13 up to 2.6.13.4? As written, 2.6.13 up to 2.6.17.4 > > would include all of the 2.6.14, 2.6.15, and 2.6.16 kernels, rendering > > the last part of that line inconsistent. This has propagated through the > > debian lists, so, at the least, a clarification would be very useful. the > > span of kernels effected. > > Have a look at: > http://www.securityfocus.com/bid/18874 it lists the kernels. > Up to 2.6.17.4 they are vulnerable, and in the 2.6.16 line it is fixed > in 2.6.16.24
Now that it is clear which kernels are defective, what should one do with defective kernel on both i386 Debian etch and amd64 Debian etch? The list of Debian packages http://www.debian.org/distrib/packages does not offer > 2.6.17.4 kernels for these systems. Should one download from http://www.securityfocus.com/bid/18874 ? Does that tarbal require a kernel compilation? I can easily imagine: Yes. What does mean "the vendor" in such list? How long it will take until > 2.6.17.4 kernels become available as deb packages for etch? I can also imagine that a machine used normally detached from internet, and only connected there for #aptitude update (upgrade) with only Debian official on sources.list, as for a machine used for computation, there is no problem of kernel vulnerability. True? Thank you francesco > > Cheers, > Edwin
