Guest anon Posted July 29, 2003 Report Share Posted July 29, 2003 http://news.zdnet.co.uk/business/0,3902064...,2138195,00.htm The Linux distributor has advised users not to install a recent upate to the Mandrake Linux 9.1 kernel, after discovering a serious flaw MandrakeSoft has advised users of its Mandrake Linux 9.1 operating system not to install a security update released on Sunday due to a serious security bug in the update. If users have already installed the update, MandrakeSoft urged them to downgrade to a previous version if possible. The unusual warning concerned a routine security update to the kernel, or core, of Mandrake Linux 9.1 released at the beginning of this week. On Tuesday, the company warned that the kernel update was not safe, as it was creating files that could be altered by any user. "The regular kernel (kernel-2.4.21.0.24mdk) has a problem where it is ignoring umask settings and instead is creating files with mode 0666 (world writeable)," wrote MandrakeSoft security update manager Vincent Danen to a Mandrake security mailing list. He said MandrakeSoft's secure and enterprise kernels were not affected by the bugs. The updated kernel, kernel-2.4.21.0.24mdk, should be rolled back to kernel 18mdk or 13mdk if possible, or swapped for the secure kernel, Danen said. MandrakeSoft said it was working on a fix for the 24mdk kernel, and said it expected to release the fix on Friday. The latest kernel update fixed several software bugs and security holes. Quote Link to comment Share on other sites More sharing options...
Dyslexic Posted July 29, 2003 Report Share Posted July 29, 2003 Just to be clear. By "last Sunday" they mean July 20. The kernel released last Sunday (July 27), 2.4.21.0.25mdk, has been fixed. Go ahead and download the 25mdk kernel. Quote Link to comment Share on other sites More sharing options...
Gowator Posted July 30, 2003 Report Share Posted July 30, 2003 Hey, I want the old-new Kernel. :? :? :? This must have been the one they used for testing urpmi ?? Just joking :D but Im getting tired of everything (services) being installed as root. If I had this kernel mysql would have access to for instance /var/log/mysql ... It wouldn't make any difference squid installing itself as root since there are no security differences anyway ?? and squid could write to all the directories its meant to which for some weird reason are all owned by root from an urpmi install. ??? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.