Kernel vulnerability

Leon sdl.web at gmail.com
Sat Jul 15 10:17:24 UTC 2006


Dave Jones <davej at redhat.com> writes:

> On Sat, Jul 15, 2006 at 12:52:58AM -0400, Luke Macken wrote:
>
>  > I'm not sure what went on between the embargo, July 6th, and when
>  > kernel-2.6.17-1.2157_FC5 was submitted and pushed out to
>  > updates-testing on July 12th.
>
> I was swamped with trying to get rawhide in shape for test2.
> (Turns out we slipped a week anyway).
>
>  > The package then sat in update-testing for 51 
>  > hours until it was pushed out as final on the 14th.
>
> I wanted it to simmer for at least a day due to the xen update
> that got merged into cvs during the above time period.
> Ideally, an update should have gone out fixing just the security bug,
> but branching cvs, and doing another rebuild would have added at least
> a day.
>
> There's another vulnerability that has been announced today, and
> another -stable got pushed out this evening.  However there's some
> concern that it breaks HAL, I'll investigate further in the morning,
> and see if I can get something out tomorrow evening before I disappear
> for a day whilst travelling to kernel summit/OLS.
>
> 		Dave
>

Does this kind of vulnerability affect machines that only have sshd
enabled? I'm still using Kernel 2.6.16.20.

thanks
-- 
Leon




More information about the fedora-devel-list mailing list