| 1 |
On Tue, 2003-08-05 at 10:08, Philippe Lafoucrière wrote: |
| 2 |
> Hi all, |
| 3 |
> |
| 4 |
> The stable kernel in portage is currently 2.4.20-r5, but the current |
| 5 |
> "stable" kernel is 2.4.21. And if you look a this : |
| 6 |
> |
| 7 |
> http://www.securityfocus.com/archive/1/330888 |
| 8 |
> |
| 9 |
> There is an exploit in kernels < 2.4.21. We definitely should upgrade |
| 10 |
> our kernel version. |
| 11 |
|
| 12 |
Simply emerge vanilla-sources, pfeifer-sources, gs-sources, or any |
| 13 |
number of other non-2.4.20 sources in portage. |
| 14 |
|
| 15 |
The problem with 2.4.20 is only in netfilter code which isn't required. |
| 16 |
We are aware of the bug in the 2.4.20 kernel and are diligently working |
| 17 |
on a solution. There is currently a "beta" gentoo-sources, by the way |
| 18 |
of pfeifer-sources, available. Unfortunately, the gentoo-sources is a |
| 19 |
VERY complex beast consisting of multiple patches which all have to be |
| 20 |
ported to a new kernel version and regression tested to ensure there is |
| 21 |
no breakage. If you are concerned about the security of your system, |
| 22 |
you should use a kernel other than gentoo-sources on any |
| 23 |
Internet-accessible machines or not enable this feature of the netfilter |
| 24 |
code. |
| 25 |
|
| 26 |
-- |
| 27 |
Chris Gianelloni |
| 28 |
Developer, Gentoo Linux |
Archives