On Tue, 2003-08-05 at 10:08, Philippe Lafoucrière wrote:
> Hi all,
>
> The stable kernel in portage is currently 2.4.20-r5, but the current
> "stable" kernel is 2.4.21. And if you look at this:
>
> http://www.securityfocus.com/archive/1/330888
>
> There is an exploit in kernels < 2.4.21. We definitely should upgrade
> our kernel version.
|
Simply emerge vanilla-sources, pfeifer-sources, gs-sources, or any
number of other non-2.4.20 sources in portage.

The problem with 2.4.20 is only in netfilter code which isn't required.
We are aware of the bug in the 2.4.20 kernel and are diligently working
on a solution. There is currently a "beta" gentoo-sources, by the way
of pfeifer-sources, available. Unfortunately, the gentoo-sources is a
VERY complex beast consisting of multiple patches which all have to be
ported to a new kernel version and regression tested to ensure there is
no breakage. If you are concerned about the security of your system,
you should use a kernel other than gentoo-sources on any
Internet-accessible machines or not enable this feature of the netfilter
code.

--
Chris Gianelloni
Developer, Gentoo Linux