Hi, may I be allowed to ask some questions?
I am a little bit confused about the latest discussions on the ptrace kernel bug. As I am not a regular reader of this mailing list but heavily relying on the debian security announce mailing list and apt-get, I was really wondering why I could not find anything about that ptrace kernel bug that can be found here http://sinuspl.net/ptrace/ on the debian security website / announcement list. As I keep my systems regularly (apt-)updated I thought there was no reason to panic, at least debian is known for it´s high claims on beeing secure and "there would be some word about that if it was a problem." well, said that I tried, just for fun, if that exploit could do something on my actual debian installations and I really got slapped hard! All machines were exploitable! Ok, my questions: Why isn´t there a security warning about that ptrace bug? The actual kernel sources that one can get via apt-get, are they already patched? What about the kernel-images? As i read, there are some misfunctions with that kernel-patch, not allowing some tools to work properly (netsaint / nagios were mentioned). Are there any more sideeffects known? Is there a good website accumulating information about-that-prace-bug-and-patch-and-all-the-problems-that-are related-to this.org? And: which informtion sources do I have to follow to become informed about *all* security bugs in debian? Thanks for your attention and sorry for my clumsy english! Have a nice thread, Peter
