Security update mistake?
glgxg at mfire.com
Sat May 26 22:19:23 UTC 2007
On 05/26/2007 02:30 PM, Thilo Six wrote:
> Johan Grönqvist wrote the following on 25.05.2007 10:33
>> Yesterday, there was a security announcement recommending upgrading the
>> kernel to 18.104.22.168, but synaptic does not automatically suggest this
>> upgrade. The new kernel image is available in the repository, but not
>> automatically upgraded to.
>> I believe this is because no upgrade is available to linux-generic,
>> which still is version 22.214.171.124 and does not depend on the new kernel.
>> To me it feels good to let a meta-package select what kernel I should
>> use, but now that does not seem to be the best option now.
>> Is this a mistake in the security update process?
>> / johan
> the dependencies seem to be wrong.
> I have send a mail to devel-discuss - waiting for an answer.
> bye Thilo
I noticed the same; on a machine that I did 'sudo apt-get update'
yesterday - in Synaptic|Status|New in repository, are 23 packages for
126.96.36.199. On this machine after a 'sudo apt-get update' I show same 23
packages, but only after doing a search 188.8.131.52 (none installed of
course). linux-image-2.6.20-16-generic is in the 23.
The May 23 Security advisory advises:
Ubuntu Security Notice USN-464-1 May 23, 2007
CVE-2007-1357, CVE-2007-1388, CVE-2007-1496, CVE-2007-1497,
CVE-2007-1592, CVE-2007-1730, CVE-2007-2172
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
sudo apt-get upgrade results in nothing to be done - ditto for sudo
Note: the full upgrade notice can be found here
for a listing with the repos.
More information about the ubuntu-users