From: Chris Gianelloni
To: lafou@wanadoo.fr
Cc: Gentoo-dev
Date: 05 Aug 2003 14:25:24 -0400
Subject: Re: [gentoo-dev] Kernel 2.4.20

On Tue, 2003-08-05 at 10:08, Philippe Lafoucrière wrote:
> Hi all,
>
> The stable kernel in portage is currently 2.4.20-r5, but the current
> "stable" kernel is 2.4.21. And if you look at this:
>
> http://www.securityfocus.com/archive/1/330888
>
> There is an exploit in kernels < 2.4.21. We definitely should upgrade
> our kernel version.

Simply emerge vanilla-sources, pfeifer-sources, gs-sources, or any
number of other non-2.4.20 sources in portage. The problem with 2.4.20
is only in netfilter code which isn't required.

We are aware of the bug in the 2.4.20 kernel and are diligently working
on a solution. There is currently a "beta" gentoo-sources, by way of
pfeifer-sources, available. Unfortunately, the gentoo-sources is a VERY
complex beast consisting of multiple patches which all have to be ported
to a new kernel version and regression tested to ensure there is no
breakage.

If you are concerned about the security of your system, you should use a
kernel other than gentoo-sources on any Internet-accessible machines or
not enable this feature of the netfilter code.

--
Chris Gianelloni
Developer, Gentoo Linux