Mailinglist Archive: opensuse-security (394 mails)

< Previous Next >
Re: [suse-security] SUSE Security Announcement: gpg -> and kernel ? :)
  • From: "Olivier M." <qmail@xxxxxxxxxxxxx>
  • Date: Thu, 4 Dec 2003 11:32:16 +0100
  • Message-id: <20031204113216.I12245@xxxxxxxxxxxxx>
On Wed, Dec 03, 2003 at 03:23:06PM +0100, Roman Drahtmueller wrote:
> ______________________________________________________________________________
> SUSE Security Announcement
> Package: gpg
> ______________________________________________________________________________
> [...]
> 2) Pending vulnerabilities in SUSE Distributions and Workarounds:
>
> - kernel: brk() vulnerability
> All SUSE Linux kernels (except for the SUSE Linux Enterprise Server 8)
> are vulnerable to a privilege escalation vulnerability that can be
> exploited by an attacker who has local shell acccess to your system.
> We are in the process of testing the update packages for all of our
> products. The packages are expected to be released within hours and
> are being published as they are ready.

well well, according to http://lwn.net/Vulnerabilities/60820/ all the
majors linux distributors (RH, mdk, debian, etc.) execpted SuSE have
released fixed packages... And there is nothing about that threat
under http://www.suse.com/de/security/announcements/index.html yet.

Does your "within hours" means something before the end of the week?
With the exploits around (which allowed to crack of savannah.gnu.org
too), it would be nice if it could come out... :-) Otherwise I guess
we'll have to patch & fix & recompile the kernels "by hand".

Thanks & regards,
Olivier

< Previous Next >
References