LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for February 9, 2012

XBMC 11 "Eden"

LWN.net Weekly Edition for February 2, 2012

A tempest in a toybox

LWN.net Weekly Edition for January 26, 2012

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

sysadmin's mistake

sysadmin's mistake

Posted Dec 2, 2003 15:07 UTC (Tue) by cate (subscriber, #1359)
In reply to: sysadmin's mistake by cbcbcb
Parent article: A Debian kernel security update

(Trustix and Mandrake have only just patched this since debian released this info)

Security issue aren't handled so. Surely Debian has advised few day ago other distribution about the vulnerability. Debian attack was made between november 20 and 21. CVE set the vulnerability number on november 26 (by RedHat). According RedHat bugs, the bug it is disclosed only today (December the first), but already know and corrected. Surelly most of the distribution have patched and corrected the kernel before the official debian annonce. Maybe they are late in annoncing it, or LWN have not yet updated the security annonces. For sure, before a security annonce is made, few people of major distributions know about the problem and prepare the patches.

I read lkml every day, and I don't remember seeing this bug either.

AFAIK nobody knew about root exploit before the attack to debian machines (but naturally some crakers). The error in kernel seemed inofensive.

(Log in to post comments)

sysadmin's mistake

Posted Dec 2, 2003 17:07 UTC (Tue) by cbcbcb (guest, #10350) [Link]

> Surelly most of the distribution have patched and corrected the
> kernel before the official debian annonce.

Not all of them. That was the point of my post. Look at the date in: http://lwn.net/Articles/60813/

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds