kernel 2.4.23 2003-12-16 - By Steven J. Yellin
Back
I thought the two linked pages explained the situation quite well.
If all you want is remove the vulnerability that was still present in
2.4.22, you DON'T need 2.4.23 or later. In fact, you may not want the
later kernel, because it may introduce new bugs or have inconsistencies
with your current system. So RedHat has kindly made a kernel, 2.4.20-24.9,
that fixes the vulnerability, but otherwise leaves the old, working
version unchanged.
On Tue, 16 Dec 2003, Brian T. Brunner wrote:
>
> The facetious comments made along the lines of preaching the 'top
> posting is evil' religion aside, yes I read the second linked page. No
> it didn't clear up why we had a vulnerability in 2.4.22 that was to be
> addressed by the 2.4.20-24.9 srpms when what we're in need of is 2.4.23
> or later.
>
> >>> ms-nospam-0306 (See http://pam-0306.ora-code.com)@(protected) 12/16/03 10:42AM >>>
> On Tue, 16 Dec 2003 09:39:29 -0500, Brian T. Brunner wrote:
>
> >
> > The pages listed left be bewildered.
>
> What pages?
>
> Oh, some within the quote at the bottom. Please reply below quotes to
> maintain context.
>
> > The text at the top of the errata page describes the 2.4.22 vulnerability,
and then proved srpms for 2.4.20?
>
> Did you read also the second linked page?
>
> > I've upgraded kernels to 2.4.22, evidently in need of 2.4.23; what's the
fix?
> 2.4.20-24.7 as linked.
>
> > On Tue, 16 Dec 2003 15:16:43 +0800, Suat Lee wrote:
> >
> > > Referring to an article by Robert McMillan entitled "Linux kernel
> > > vulnerability behind Debian attack", it says that the bug affects
> > > versions of the Linux kernel prior to Version 2.4.23.
> > >
> > > Is there a release of kernel 2.4.23 for Red Hat 7.3? Would appreciate if
> links provided. Thanks.
> >
> > https://rhn.redhat.com/errata/RHSA-2003 (See http://HSA-2003.ora-code.com)-392.html
> > http://www.redhat.com/advice/speaks_backport.html
--
Steven Yellin
|
|
