-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Sunday 2008-02-10 at 22:02 -0800, Crispin Cowan wrote:
It's a local exploit; the attacker has to already be logged into your box to exploit it.
If you have hostile users logged into your box, and this patch is urgent, then you have worse problems than this patch :-)
It has been suggested that an attacker might gain access through a flash animation on a webpage, as normal user, and then scalate to root. Don't ask me how, I have no idea - I only repeat what I heard, as a parrot :-) - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux) iD8DBQFHsDNEtTMYHG2NR9URAqDVAJ9mnoDQNt1UjI+qtCeTagyInYCXXQCfVBwg gyGS5wCW/Wp2cqGWZYsoyXQ= =WGu3 -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org