Mailinglist Archive: opensuse-security (394 mails)

Re: [suse-security] dates on new kernels don't agree with release announcement?
  • From: Michael James <Michael.James@xxxxxxxx>
  • Date: Fri, 5 Dec 2003 16:22:16 +1100
  • Message-id: <200312051622.16503.Michael.James@xxxxxxxx>
On Friday 05 December 2003 15:47, Roman Drahtmueller wrote:
> That one was tested earlier (before it was published).
> There were checks on the brk() stuff, though.
>
> > If you look into the changelog of -144 kernel, the fix seems to be there:
> > * Fri Sep 26 2003 - mantel@xxxxxxx
> > - check bounds in do_brk
>
> Right, long ago...

> > > Sorry taking up time on a busy day, but I'm confused...
> > I am confused too.
>
> Anything open?

I think I am hearing that we were all patched and secure
back on Nov 24th. If that's the case then I'm happy.


> More details: Andrea Arcangeli has run into the missing bounds checks in
> brk() a while ago. The patch was added to our SLES8 update kernel for
> Service Pack 3, later (after release of 9.0) also to the update kernel for
> 9.0. _After_ that time, the do_brk() issue turned out to be a security
> threat, causing us to prepare updates for all products except for those
> which had the fix already.
> I guess you'd curse if you were facing the work... :-)

That makes things considerably clearer.

This issue of being ahead of the game would be an unmitigated triumph
IF you weren't quite so self-effacing and wore your
"Been there, done that, Got the Patches" tee shirt on the lists
where panics break: bugtraq, suse-security, Auscert (Australian CERT).

Or another note on
http://www.suse.com/us/private/support/security/index.html
to say an issue has already been addressed.

We have enough faith in Suse to believe
silence means work is going on behind the scenes
but it's stretching a sysadmin's cynicism when silence means "relax!"

michaelj

--
Michael James michael.james@xxxxxxxx
System Administrator voice: 02 6246 5040
CSIRO Bioinformatics Facility fax: 02 6246 5166

