Mailinglist Archive: opensuse-security (137 mails)
| < Previous | Next > |
Re: [suse-security] mmap exploit
- From: ken <gebser@xxxxxxxxxxxxx>
- Date: Tue, 14 Jun 2005 12:32:20 -0400
- Message-id: <42AF0694.3080501@xxxxxxxxxxxxx>
Marcus Meissner wrote:
>On Mon, Jun 13, 2005 at 09:28:20PM +0200, Marcus Meissner wrote:
>
>
>>On Mon, Jun 13, 2005 at 09:01:22PM +0200, Philippe Vogel wrote:
>>
>>
>>>What about (CAN-2005-1265)? mmap exploit in kernel?
>>>
>>>http://www.ubuntulinux.org/support/documentation/usn/usn-137-1
>>>
>>>Ubuntu did fix this already. Whern there will be a fix available?
>>>
>>>
>>Last thursday.
>>
>>
>
>Actually, we did not fix this issue, for the following simple
>reason:
>
>SUSE Linux is not affected by this, since we do not support
>this allocator in our shipping products.
>
>Ciao, Marcus
>
>
I'm not understanding what "this allocator in our shipping products"
means. Could anyone please clarify?
Looking at
<http://www.novell.com/linux/security/advisories/2005_29_kernel.html>,
it seems at odds with the statement that Suse did not fix this issue.
On the 10th, following on a security upgrade notice, I upgraded several
packages, including the kernel. (Actually, to say that I upgraded gives
me too much credit... I just tried to click on the correct answers. :)
So now my /boot/vmlinuz and /boot/initrd are both dated 2005-06-10.
Does this mean that this exploit has been patched on my system? Is
there a command which users can run to determine whether this exploit
exists on their systems?
tia.
--
A lot of us are working harder than we want, at things we don't like to
do. Why? ...In order to afford the sort of existence we don't care to live.
-- Bradford Angier
>On Mon, Jun 13, 2005 at 09:28:20PM +0200, Marcus Meissner wrote:
>
>
>>On Mon, Jun 13, 2005 at 09:01:22PM +0200, Philippe Vogel wrote:
>>
>>
>>>What about (CAN-2005-1265)? mmap exploit in kernel?
>>>
>>>http://www.ubuntulinux.org/support/documentation/usn/usn-137-1
>>>
>>>Ubuntu did fix this already. Whern there will be a fix available?
>>>
>>>
>>Last thursday.
>>
>>
>
>Actually, we did not fix this issue, for the following simple
>reason:
>
>SUSE Linux is not affected by this, since we do not support
>this allocator in our shipping products.
>
>Ciao, Marcus
>
>
I'm not understanding what "this allocator in our shipping products"
means. Could anyone please clarify?
Looking at
<http://www.novell.com/linux/security/advisories/2005_29_kernel.html>,
it seems at odds with the statement that Suse did not fix this issue.
On the 10th, following on a security upgrade notice, I upgraded several
packages, including the kernel. (Actually, to say that I upgraded gives
me too much credit... I just tried to click on the correct answers. :)
So now my /boot/vmlinuz and /boot/initrd are both dated 2005-06-10.
Does this mean that this exploit has been patched on my system? Is
there a command which users can run to determine whether this exploit
exists on their systems?
tia.
--
A lot of us are working harder than we want, at things we don't like to
do. Why? ...In order to afford the sort of existence we don't care to live.
-- Bradford Angier
| < Previous | Next > |