Release Candidates :: DSL v3.3 RC2



Quote (ron @ Mar. 11 2007,19:27)
Roberts can you confirm whether the 3.0 version (with Linux 2.4.26) is affected by the so-called "local" DoS-attack vulnerability?

Did you miss this post? This is an important issue. A server was taken out with this attack only yesterday.
Quote (ron @ Mar. 12 2007,17:35)
Quote (ron @ Mar. 11 2007,19:27)
Roberts can you confirm whether the 3.0 version (with Linux 2.4.26) is affected by the so-called "local" DoS-attack vulnerability?

Did you miss this post? This is an important issue. A server was taken out with this attack only yesterday.

Stop worrying, it's not critical.

OPERATING SYSTEM: Linux Kernel 2.6.x
It's marked "less critical."
http://secunia.com/advisories/24493/

No 2.4 kernels listed:
http://www.securityfocus.com/bid/22904

Thanks for the link. I agree it's not a big problem right now for home desktop/laptop users.
A very vague post.

But to quote the security announcement:
Quote
To execute this attack a malicious user needs shell access to the victim's machine.  The severity of this bug is considered low because local denial-of-service attacks are hard to prevent in general.


DSL primarily being single user (dsl) live CD or compressed image (frugal) desktop does not a server make.

Being single user, would mean an internal or local DoS would be self-initiated?  See the quoted security above.

If you decide to install DSL as traditional hard drive installation and make it into a server, then you should take every precaution to protect it.

Servers and traditional hard installations cannot be supported as it is impossible to know the state of your machine and network environment.

Given the low level of this security announcement and the above facts regarding the intended use of DSL, no further action will be taken.

I have noticed several configuration files under /KNOPPIX/etc/X11 that seemed odd to be included, like XClock, XCalc and some more, about 100KB in total.

Not exactly RC2 related, but maybe those could be cut out of there for extra space?
