iB::Topic::DSL v3.3 RC2

	Damn Small Linux :: Damn Small Linux Board The DSL Forums

» Welcome Guest
[ Log In :: Register ]

Damn Small Linux Board » Damn Small Linux » Release Candidates » DSL v3.3 RC2

		Mini-ITX Boards Sale, Fanless BareBones Mini-ITX, Bootable 1G DSL USBs, 533MHz Fanless PC <-- SALE $200 each!
		Get The Official Damn Small Linux Book. DSL Market , Great VPS hosting provided by Tektonic

Pages: (9) </ 1 2 3 4 5 [6] 7 8 9 >/

[ Track this topic :: Email this topic :: Print this topic ]

Topic: DSL v3.3 RC2

< Next Oldest | Next Newest >

ron

Group: Members
Posts: 72
Joined: July 2006

Posted: Mar. 12 2007,22:35

Quote (ron @ Mar. 11 2007,19:27)

Roberts can you confirm whether the 3.0 version (with Linux 2.4.26) is affected by the so-called "local" DoS-attack vulnerability?

Did you miss this post? This is an important issue. A server was taken out with this attack only yesterday.

lucky13

Group: Members
Posts: 1478
Joined: Feb. 2007

Posted: Mar. 12 2007,22:59

Quote (ron @ Mar. 12 2007,17:35)

Quote (ron @ Mar. 11 2007,19:27)

Roberts can you confirm whether the 3.0 version (with Linux 2.4.26) is affected by the so-called "local" DoS-attack vulnerability?

Did you miss this post? This is an important issue. A server was taken out with this attack only yesterday.

Stop worrying, it's not critical.

OPERATING SYSTEM: Linux Kernel 2.6.x
It's marked "less critical."
http://secunia.com/advisories/24493/

No 2.4 kernels listed:
http://www.securityfocus.com/bid/22904

--------------
"It felt kind of like having a pitbull terrier on my rear end."
-- meo (copyright(c)2008, all rights reserved)

ron

Group: Members
Posts: 72
Joined: July 2006

Posted: Mar. 12 2007,23:12

Thanks for the link. I agree it's not a big problem right now for home desktop/laptop users.

roberts

Group: Members
Posts: 4983
Joined: Oct. 2003

Posted: Mar. 12 2007,23:14

A very vague post.

But to quote the security announcement:

Quote

To execute this attack a malicious user needs shell access to the victim's machine. The severity of this bug is considered low because local denial-of-service attacks are hard to prevent in general.

DSL primarily being single user (dsl) live CD or compressed image (frugal) desktop does not a server make.

Being single user, would mean an internal or local DoS would be self inititated? See the quoted security above.

If you decide to install DSL as traditional hard drive installation and make it into a server, then you should take every precaution to protect it.

Servers and traditional hard installations cannot be supported as it is impossible to know the state of your machine and network environment.

Given the low level of this security announcement and the above facts regarding the intended use of DSL, no further action will be taken.

MakodFilu

Group: Members
Posts: 65
Joined: Jan. 2006

Posted: Mar. 13 2007,03:13

I have noticed several configuration files under /KNOPPIX/etc/X11 that seemed odd to be included, like XClock, XCalc and some more, about 100KB in total.

Not exactly RC2 related, but maybe those could be cut out of there for extra space?

40 replies since Mar. 06 2007,04:46

< Next Oldest | Next Newest >

[ Track this topic :: Email this topic :: Print this topic ]

Pages: (9) </ 1 2 3 4 5 [6] 7 8 9 >/

Damn Small Linux Board » Damn Small Linux » Release Candidates » DSL v3.3 RC2