Vulnerabilities

Ken Moffat ken at linuxfromscratch.org
Fri Jul 11 15:08:49 MDT 2008


 I've now put a fix in the book for two recent perl vulnerabilities
(one was sometime last year, I hadn't been aware of it - it was only
when I searched to see what Ag had referred to on blfs-dev that I
came across it plus the more recent one).  If the security list was
still in use, I'd post there advising everyone to upgrade.  As I
noted in the patch, perl 5.10 has its own (unrelated) first recorded
vulnerability so it doesn't make a lot of sense to upgrade to that.

 Of course, this doesn't mean the book is free of known
vulnerabilities - there have been a number of kernel issues
recently.  To be honest, I don't know where the book is supposed to
be going after the discussions a couple of months ago (package
management, dynamically generated book, whatever) and I don't have
the time to try building with newer kernels at the moment.

 Anyone who is _really_ concerned can either upgrade the installed
kernel to stable's latest (2.6.25.10 at the moment) or, if you are
building afresh, you can use 2.6.24.7 for the headers, and if you
really want to stay with the 2.6.24-series there is a patch at
cross-lefs.org for backported fixes (for clfs, backporting makes
sense as we try to get a release under way; for LFS between releases
it doesn't sound like an obvious thing to do).

ĸen
-- 
the first time as tragedy, the second time as farce

