kernel vulnerability

[John Heim]

You can now download a kernel that is not vulnerable from any stable 
repository. Any kernel that has a -6 in the name. Like 
linux-image-2.6.18-6-686. For instance:

# apt-get install linux-image-2.6.18-6-686

Or you can point apt to an unstable archive and do this:
# apt-get install linux-image-2.6.24-2-686

The problem is that these kernels don't have the speakup patch. Last week I 
installed non-speakup kernels on the 100+ machines in tmy department. I 
wonder if Shane is going to post 2.6.18-6 kernels on his space on 
people.debian.org?

I downloaded the 2.6.24 kernel from an unstable repository. Then I got the 
config file from that kernel and used it to build a kernel patched with 
speakup. I would imagine that Shane does something similar when he builds 
his kernels. I haven't tried the new kernel yet. Various other things have 
drawn me away from the kernel problem.  If it works, I am going to have to 
go around and install the new kernel on the 100+ machines. Well, I can do 
them remotely but it's still going to take me forever.


----- Original Message ----- 
From: "Jude DaShiell" <jdashiel at shellworld.net>
To: <speakup at braille.uwo.ca>
Sent: Thursday, February 14, 2008 4:30 PM
Subject: re: kernel vulnerability


> It's a kernel patch that needs doing to fix this vulnerability and most
> Linux kernels made available over the last year can be exploited by this
> vulnerability.  The vulnerability isn't stopped by different hardware
> either, it works as well on an AMD 64 as an i386 machine according to
> messages over on the debian-user list.
>
>
>
> _______________________________________________
> Speakup mailing list
> Speakup at braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup
>
>