Warning! There are serious problems with all Linux kernels prior to version 2.2.19. Among these are possibilities for local denial of service or root exploits by exercising race conditions between the ptrace, exec, and/or suid system calls. Programs which exploit these problems have existed since the middle of April. See www.securityfocus.com/bugtraq/archive for more info. A SuSE Security Announcement and a new kernel rpm are needed! Best regards Martin
Or instead of digging through securityfocus's website (which is hell to navigate =) you can read our nice weekly linux digest: http://www.securityportal.com/topnews/weekly/linux.html kernel 2.2.x and 2.4.x advisories are in: http://securityportal.com/topnews/weekly/linux20010423.html which was 2 weeks ago.... Kurt Seifried, seifried@securityportal.com Securityportal - your focal point for security on the 'net
* Martin Fahlgren wrote on Mon, May 07, 2001 at 11:09 +0200:
> There are serious problems with all Linux kernels prior to version 2.2.19.
The first exploit which was made public via bugtraq came already at Tue, 27 Mar 2001 14:05:54 +0200 but was delayed until the release of 2.2.19 to give the vendors time to prepare updates.
> A SuSE Security Announcement and a new kernel rpm are needed!
I asked at this list already several times but AFAIK there was no satisfying reaction from SuSE. Seems that you are on your own... BTW, I would prefer to read a statement from SuSE... But maybe all package builders and security engineers are on holiday since March, who knows ;)
oki, Steffen
--
This letter was generated by machine and therefore bears neither signature nor seal.
participants (3)
- Kurt Seifried
- Martin Fahlgren
- Steffen Dettmer