Gus Wirth wrote:
Lan Barnes wrote:
On Sun, April 15, 2007 10:49 am, Gus Wirth wrote:
Lan Barnes wrote:
http://www.pcworld.com/article/id,130717-pg,1/article.html
I also read Slashdot. This is a month old and already fixed.
Gus
And therefore not worth mentioning? Because you read /.? Because it's a
month old (or recent)? Because it's been fixed? I need guidelines if I'm
not to waste your time in the future.
And did you mention it a month ago? Because I for one missed it.
Posting links from Slashdot doesn't have much value. But if you had
done a modicum of research you could have enlightened us. For example,
I saw that article and wondered about how long the vulnerability
existed. So I went to CERT <http://www.cert.org> and did a search on
madwifi. I found that CERT had issued an advisory in early DECEMBER
2006 (2006-12-08) <http://www.kb.cert.org/vuls/id/925529>. From there
I found that the madwifi folks had issued the patch ONE DAY BEFORE THE
ADVISORY. A fixed version of the madwifi drivers has been available
since that day.
Odd that.
You didn't answer Lan's question. He (nor I) saw your warning. When
did you warn us?
Unless you haven't updated your madwifi drivers since mid-December
2006 and are still at less than version 0.9.2.1 you aren't vulnerable
to this exploit.
The value in this story is that the following happened:
1) Someone found a flaw
2) They quietly contacted the madwifi team
3) The madwifi team fixed the flaw
4) The madwifi team publishes a fix
5) The world is notified that there is a problem and a fix is available
I think this is the way it should be.
Agreed!
The bad part of this story is that somehow something that was found
and fixed over four months ago somehow rears it's head as a "My god,
Linux has a bug!" and gets regurgitated all over the place.
I don't think that's what he was saying at all. I think he was rearing
it as "My god, if you don't read such things (as I do not) and are not
aware of it, you may be vulnerable and may wish to update at least this
portion of your Linux, just in case y'all didn't know it." I really
don't remember *ever* hearing Lan naysaying Linux. My god, Gus has a
bug! (I won't say where.)
Gus
PS. Ford Pinto's may explode when crashed!
Sarcasm duly noted. Nevertheless, if there is anyone out there who even
still has a Pinto and doesn't know about this flaw, then it truly is a
good thing that you are warning them about it. Thank you for your
*much* belated warning.
I, for one, am glad that Lan presented this. I did not know about it.
And I still run FC4. I'm pretty sure I don't have the update since my
yum stopped working in FC4. Anyway, I'm not currently at risk since I
have no wireless devices (except my cell phone and my infrared remotes).
Hey Lan. I (for one) thank you. If it wasn't for the warnings on the
list, I might not become aware of them.
--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
