On Wed, Dec 03, 2003 at 03:23:06PM +0100, Roman Drahtmueller wrote:
______________________________________________________________________________ SUSE Security Announcement Package: gpg ______________________________________________________________________________ [...] 2) Pending vulnerabilities in SUSE Distributions and Workarounds:
- kernel: brk() vulnerability All SUSE Linux kernels (except for the SUSE Linux Enterprise Server 8) are vulnerable to a privilege escalation vulnerability that can be exploited by an attacker who has local shell acccess to your system. We are in the process of testing the update packages for all of our products. The packages are expected to be released within hours and are being published as they are ready.
well well, according to http://lwn.net/Vulnerabilities/60820/ all the majors linux distributors (RH, mdk, debian, etc.) execpted SuSE have released fixed packages... And there is nothing about that threat under http://www.suse.com/de/security/announcements/index.html yet. Does your "within hours" means something before the end of the week? With the exploits around (which allowed to crack of savannah.gnu.org too), it would be nice if it could come out... :-) Otherwise I guess we'll have to patch & fix & recompile the kernels "by hand". Thanks & regards, Olivier