see heise news ticker article: http://www.heise.de/newsticker/data/pab-25.10.02-001/
any comments?
bye, [MH]
--
Sending unsolicited advertising e-mail to private individuals violates §1 UWG and §823 I BGB (ruling of the LG Berlin of 2.8.1998, Az: 16 O 201/98). Any commercial use of the personal data transmitted, as well as passing it on to third parties, is expressly prohibited!
On Fri, 25 Oct 2002, Mathias Homann wrote:
see heise news ticker article: http://www.heise.de/newsticker/data/pab-25.10.02-001/
Original: http://cert.uni-stuttgart.de/
As Hubert Mantel (Kernel Development at SuSE) told me this morning, SuSE had already patched those in the unstable tree, which can be downloaded here: ftp://ftp.suse.com/pub/people/mantel/next/
Greetings,
--
Jörg Henner Fon: +49 (7 11) 48 90 83 - 0
ETES - EDV-Systemhaus GbR Fax: +49 (7 11) 48 90 83 - 50
Libanonstrasse 58 A * D-70184 Stuttgart Web: http://www.etes.de
______________________________________
Inflex - eMail Scanning and Protection
Queries to: postmaster@etes.de
Joerg Henner wrote:
On Fri, 25 Oct 2002, Mathias Homann wrote:
see heise news ticker article: http://www.heise.de/newsticker/data/pab-25.10.02-001/
Original:
As Hubert Mantel (Kernel Development at SuSE) told me this morning, SuSE had already patched those in the unstable tree, which can be downloaded here:
ftp://ftp.suse.com/pub/people/mantel/next/
I'm confused about this, because the kernel sources from this address do not contain the code from the kernel-2.4.19-sec file from The Free World's Information and Software Repository in the traps.c file... -- Dipl.-Inform. Frank Steiner mailto:fst@informatik.uni-kiel.de Lehrstuhl f. Programmiersprachen mailto:fsteiner@web.de CAU Kiel, Olshausenstraße 40 Phone: +49 431 880-7265, Fax: -7613 D-24098 Kiel, Germany http://www.informatik.uni-kiel.de/~fst/
Joerg Henner wrote:
On Fri, 25 Oct 2002, Mathias Homann wrote:
see heise news ticker article: http://www.heise.de/newsticker/data/pab-25.10.02-001/
Original:
As Hubert Mantel (Kernel Development at SuSE) told me this morning, SuSE had already patched those in the unstable tree, which can be downloaded here:
ftp://ftp.suse.com/pub/people/mantel/next/
I'm confused about this, because the kernel sources from this address do not contain the code from the kernel-2.4.19-sec file from The Free World's Information and Software Repository in the traps.c file...
As Joerg said: It's "unstable". It might bitch at you in many ways.
We're working on updates. But it will take a few more days. Be patient.
Thanks,
Roman.
--
Roman Drahtmüller
Roman Drahtmueller wrote:
As Joerg said: It's "unstable". It might bitch at you in many ways.
We're working on updates. But it will take a few more days. Be patient.
I often work with these packages from Hubert and usually they run fine for me... I was just confused because I did not find the fix code from the kernel-2.4.19-sec file in Hubert's RPMs, so I wasn't sure if the patch had been applied to this unstable tree or not... Anyway, I'll wait for the official update! Thanks! Frank -- Dipl.-Inform. Frank Steiner mailto:fst@informatik.uni-kiel.de Lehrstuhl f. Programmiersprachen mailto:fsteiner@web.de CAU Kiel, Olshausenstraße 40 Phone: +49 431 880-7265, Fax: -7613 D-24098 Kiel, Germany http://www.informatik.uni-kiel.de/~fst/
Hi! As in the ssh case, nothing exact has been said on the vulnerability of the kernel. Do you have some information about the exact problem? I hate getting news that there is a security problem and not knowing what it's about. What's so secret about writing something about the case (not sending the vulnerability itself)? The same was with ssh, so I can't validate if it's a real problem! Philippe
Hi!
As in the ssh case, nothing exact has been said on the vulnerability of the kernel. Do you have some information about the exact problem? I hate getting news that there is a security problem and not knowing what it's about. What's so secret about writing something about the case (not sending the vulnerability itself)?
Alan Cox says that providing details about security holes is illegal in the US due to the DMCA laws. He may be right, while I do not want to comment on this law. SuSE is a German company. We _can_ provide details about security problems. If we know them. :-| Right now it looks like the RedHat update addresses vulnerabilities in drivers for hardware, and it can be assumed that these bugs are DoS type attack scenarios (your box Oopses or panics).
The same was with ssh, so I can't validate if it's a real problem!
I see it the same way.
Philippe
Roman.
Hi! There was an article on slashdot about DMCA and the latest Changelog of the linux kernel: http://yro.slashdot.org/article.pl?sid=02/10/16/1146212&mode=thread&tid=153 They say that Changelogs of the latest Linux-Kernels are available to non-US residents at: http://www.thefreeworld.net/non-US/ On Friday, 25 October 2002 17:38, Roman Drahtmueller wrote:
Alan Cox says that providing details about security holes is illegal in the US due to the DMCA laws. He may be right, while I do not want to comment on this law.
SuSE is a German company. We _can_ provide details about security problems. If we know them. :-|
Right now it looks like the RedHat update addresses vulnerabilities in drivers for hardware, and it can be assumed that these bugs are DoS type attack scenarios (your box Oopses or panics).
-- Eat, sleep and go running, David Huecking. Encrypted eMail welcome! GnuPG/ PGP-Fingerprint: 3DF2 CBE0 DFAA 4164 02C2 4E2A E005 8DF7 5780 9216
As in the ssh case, nothing exact has been said on the vulnerability of the kernel.
Unlike the ssh case, this is a political issue. People do not want to be held liable by the US government for violating the DMCA. Personally, I don't think it's very likely, but some people are getting increasingly nervous about how this obscenely flexible law is being used recently. I can't find the list of issues ATM but those I remember were not really earth-shattering -- no remote kernel exploits or similar. Olaf -- Olaf Kirch | Anyone who has had to work with X.509 has probably okir@suse.de | experienced what can best be described as ---------------+ ISO water torture. -- Peter Gutmann
As Joerg said: It's "unstable". It might bitch at you in many ways.
We're working on updates. But it will take a few more days. Be patient.
I often work with these packages from Hubert and usually they run fine for me... I was just confused because I did not find the fix code from the kernel-2.4.19-sec file in Hubert's RPMs, so I wasn't sure if the patch had been applied to this unstable tree or not...
There is a lot of work in these kernels - with more than 1000 kernel modules and 100MB+ code to compile, there are many ways that errors happen. Keep in mind that the SuSE kernels contain code that is not present in the official kernel tree (but might appear there in the future). Concerning the fixes: There are multiple flaws in there, yes. But if you worry about losing some bytes of memory if you unplug a joystick (just a demonstrative example) and consider this a security problem, I can't help you. There are thousands of flaws fixed in each SuSE product, and some others added in exchange. Over time, they get smaller, and the products get better and better.
Anyway, I'll wait for the official update! Thanks! Frank
Regards,
Roman.
--
Roman Drahtmüller
Roman Drahtmueller wrote:
There is a lot of work in these kernels - with more than 1000 kernel modules and 100MB+ code to compile, there are many ways that errors happen. Keep in mind that the SuSE kernels contain code that is not present in the official kernel tree (but might appear there in the future).
That's exactly why I like the SuSE kernels :-)
Concerning the fixes: There are multiple flaws in there, yes. But if you worry about losing some bytes of memory if you unplug a joystick (just a demonstrative example) and consider this a security problem, I can't help you.
Well, don't get me wrong... I didn't investigate much, just seeing the hint for the fix for the 2.4.19 kernel and looking at this specific point without reading much about the vulnerability. It's just that you have an unconfident feeling when Heise writes about a kernel bug :-) I know that the SuSE kernels provide much stuff which is not official and often enough I really needed exactly this, so I will wait for the next release ;-) Best regards, Frank -- Dipl.-Inform. Frank Steiner mailto:fst@informatik.uni-kiel.de Lehrstuhl f. Programmiersprachen mailto:fsteiner@web.de CAU Kiel, Olshausenstraße 40 Phone: +49 431 880-7265, Fax: -7613 D-24098 Kiel, Germany http://www.informatik.uni-kiel.de/~fst/
participants (7)
- David Huecking
- Frank Steiner
- Joerg Henner
- Mathias Homann
- Olaf Kirch
- Philippe Vogel
- Roman Drahtmueller