Mailinglist Archive: opensuse-security (376 mails)
| < Previous | Next > |
Re: [suse-security] kernel security hole?
- From: Eduard Avetisyan <dich_ed@xxxxxxxxx>
- Date: Thu, 20 Mar 2003 05:34:58 -0800 (PST)
- Message-id: <20030320133458.50770.qmail@xxxxxxxxxxxxxxxxxxxxxxx>
--- Mathias Homann <admin@xxxxxxxxxx> wrote:
> See http://www.heise.de/newsticker/data/ju-20.03.03-000/ or
> http://www.securityfocus.com/archive/1/315635
>
> Has this been discussed here already?
Yes, already by several people, and I seriously do not
understand the silence from SuSE (even given CeBIT as an
excuse). My short investigation showed that at least SuSE 7.3
and 8.1 default kernels (2.4.10 and 2.4.19, respectively) are
vulnerable to this exploit, this is freely available on the web!
And I do not understand statements like:
> FYI, new GRsecurity 1.9.9d solves this problem.
Sure, there's even simpler way - one may just apply Alan Cox's
patch to his kernel and happily go ahead, but I guess it's
rather expected that SuSE provides a patched kernel rpms
combined with usual official security notice... Or am I wrong?
Eduard
__________________________________________________
Do you Yahoo!?
Yahoo! Platinum - Watch CBS' NCAA March Madness, live on your desktop!
http://platinum.yahoo.com
> See http://www.heise.de/newsticker/data/ju-20.03.03-000/ or
> http://www.securityfocus.com/archive/1/315635
>
> Has this been discussed here already?
Yes, already by several people, and I seriously do not
understand the silence from SuSE (even given CeBIT as an
excuse). My short investigation showed that at least SuSE 7.3
and 8.1 default kernels (2.4.10 and 2.4.19, respectively) are
vulnerable to this exploit, this is freely available on the web!
And I do not understand statements like:
> FYI, new GRsecurity 1.9.9d solves this problem.
Sure, there's even simpler way - one may just apply Alan Cox's
patch to his kernel and happily go ahead, but I guess it's
rather expected that SuSE provides a patched kernel rpms
combined with usual official security notice... Or am I wrong?
Eduard
__________________________________________________
Do you Yahoo!?
Yahoo! Platinum - Watch CBS' NCAA March Madness, live on your desktop!
http://platinum.yahoo.com
| < Previous | Next > |