On Thursday 04 December 2003 09:34, Gary Hodges wrote:
I just got the email from SuSE about the Kernel brk() vulnerability. Going through the instructions in the email I see that kernel
k_athlon-2.4.21-144.i586.rpm
is what I'm supposed to download. About a week ago there was a kernel update that I did with YaST/YOU. It is the same version number as the one listed for the current security announcement.
~>rpm -q k_athlon
k_athlon-2.4.21-144
Am I correct to assume that I'm OK? Is it possible that changes were made to the kernel but the version number didn't change?
Cheers, Gary
Well, 2.4.21-144 is the one. I take it that the fact that you had received an email about the brk() problem suggesting you update to X-144 came after it was already available for dl via YOU. All I can say is that the public announcement of the brk() vulnerability was known about by the kernel devs before the general public. So, in other words, they are doing what M$ say they are better at... Providing updates in a timely manner. How much more timely does one need!? A problem is found, fixed, made available, then announced - in that order. So I think you're fairly safe. By the way, the patch from SUSE came with a blurb (in a file) that describes the patch and its changes, and then there's always the changelog to check against.
Cheers, Curtis.