On Thu, Dec 11, 2008 at 05:06:52PM +0000, Dominic Hargreaves wrote:
> On Thu, Dec 04, 2008 at 10:59:11AM -0700, dann frazier wrote:
>
> > Package        : linux-2.6.24
> > Vulnerability  : denial of service/privilege escalation
> > Problem type   : local/remote
> > Debian-specific: no
> > CVE Id(s)      : CVE-2008-3528 CVE-2008-4554 CVE-2008-4576 CVE-2008-4618
> >                  CVE-2008-4933 CVE-2008-4934 CVE-2008-5025 CVE-2008-5029
> >                  CVE-2008-5134 CVE-2008-5182 CVE-2008-5300
> >
> > Several vulnerabilities have been discovered in the Linux kernel that
> > may lead to a denial of service or privilege escalation. The Common
> > Vulnerabilities and Exposures project identifies the following
> > problems:
>
> [snip details]
>
> > For the stable distribution (etch), these problems have been fixed in
> > version 2.6.24-6~etchnhalf.7.
>
> All these issues are also listed as affecting 2.6.18 on
> <http://security-tracker.debian.net/tracker/>. Are there plans to
> release fixed packages?

Some do, some don't :) The security tracker is the canonical resource -
though you're welcome to monitor the kernel and kernel-sec svn
repositories on alioth if you want more granular information.

> Are there plans to release fixed packages?

Yes - 2.6.18 is in stable, and as such will be security supported for
at least another year. Minor/local DoS security issues in the kernel
are very frequent, so updated packages are constantly in preparation.
Preparing kernel updates is resource intensive so, unless there's a
severe issue, etch users should expect 2.6.18 and 2.6.24 updates to be
staggered.

-- 
dann frazier

