Topic: DSL v3.3 RC2
ron
Group: Members
Posts: 72
Joined: July 2006
Posted: Mar. 12 2007,22:35

Quote (ron @ Mar. 11 2007,19:27)
Roberts can you confirm whether the 3.0 version (with Linux 2.4.26) is affected by the so-called "local" DoS-attack vulnerability?

Did you miss this post? This is an important issue. A server was taken out with this attack only yesterday.

lucky13
Group: Members
Posts: 1478
Joined: Feb. 2007
Posted: Mar. 12 2007,22:59

Quote (ron @ Mar. 12 2007,17:35)
Quote (ron @ Mar. 11 2007,19:27)
Roberts can you confirm whether the 3.0 version (with Linux 2.4.26) is affected by the so-called "local" DoS-attack vulnerability?

Did you miss this post? This is an important issue. A server was taken out with this attack only yesterday.

Stop worrying, it's not critical.

OPERATING SYSTEM: Linux Kernel 2.6.x
It's marked "less critical."
http://secunia.com/advisories/24493/

No 2.4 kernels listed:
http://www.securityfocus.com/bid/22904


--------------
"It felt kind of like having a pitbull terrier on my rear end."
-- meo (copyright(c)2008, all rights reserved)

ron
Group: Members
Posts: 72
Joined: July 2006
Posted: Mar. 12 2007,23:12

Thanks for the link. I agree it's not a big problem right now for home desktop/laptop users.

roberts
Group: Members
Posts: 4983
Joined: Oct. 2003
Posted: Mar. 12 2007,23:14

A very vague post.

But to quote the security announcement:
Quote
To execute this attack a malicious user needs shell access to the victim's machine.  The severity of this bug is considered low because local denial-of-service attacks are hard to prevent in general.


DSL primarily being single user (dsl) live CD or compressed image (frugal) desktop does not a server make.

Being single user, would mean an internal or local DoS would be self initiated? See the quoted security above.

If you decide to install DSL as traditional hard drive installation and make it into a server, then you should take every precaution to protect it.

Servers and traditional hard installations cannot be supported as it is impossible to know the state of your machine and network environment.

Given the low level of this security announcement and the above facts regarding the intended use of DSL, no further action will be taken.

MakodFilu
Group: Members
Posts: 65
Joined: Jan. 2006
Posted: Mar. 13 2007,03:13

I have noticed several configuration files under /KNOPPIX/etc/X11 that seemed odd to be included, like XClock, XCalc and some more, about 100KB in total.

Not exactly RC2 related, but maybe those could be cut out of there for extra space?

40 replies since Mar. 06 2007,04:46