| |||||||||||||
|
| |||||||||||||
sysadmin's mistakesysadmin's mistakePosted Dec 2, 2003 9:47 UTC (Tue) by cbcbcb (guest, #10350)In reply to: sysadmin's mistake by xose Parent article: A Debian kernel security update
(Log in to post comments)
sysadmin's mistake Posted Dec 2, 2003 15:07 UTC (Tue) by cate (subscriber, #1359) [Link] (Trustix and Mandrake have only just patched this since debian released this info)Security issue aren't handled so. Surely Debian has advised few day ago other distribution about the vulnerability. Debian attack was made between november 20 and 21. CVE set the vulnerability number on november 26 (by RedHat). According RedHat bugs, the bug it is disclosed only today (December the first), but already know and corrected. Surelly most of the distribution have patched and corrected the kernel before the official debian annonce. Maybe they are late in annoncing it, or LWN have not yet updated the security annonces. For sure, before a security annonce is made, few people of major distributions know about the problem and prepare the patches. I read lkml every day, and I don't remember seeing this bug either. AFAIK nobody knew about root exploit before the attack to debian machines (but naturally some crakers). The error in kernel seemed inofensive.
sysadmin's mistake Posted Dec 2, 2003 17:07 UTC (Tue) by cbcbcb (guest, #10350) [Link] > Surelly most of the distribution have patched and corrected the> kernel before the official debian annonce. Not all of them. That was the point of my post. Look at the date in: http://lwn.net/Articles/60813/
|
|
||||||||||||