[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [suse-security] SUSE Security Announcement: gpg -> and kernel ? :)
On Wed, Dec 03, 2003 at 03:23:06PM +0100, Roman Drahtmueller wrote:
> SUSE Security Announcement
> Package: gpg
> 2) Pending vulnerabilities in SUSE Distributions and Workarounds:
> - kernel: brk() vulnerability
> All SUSE Linux kernels (except for the SUSE Linux Enterprise Server 8)
> are vulnerable to a privilege escalation vulnerability that can be
> exploited by an attacker who has local shell acccess to your system.
> We are in the process of testing the update packages for all of our
> products. The packages are expected to be released within hours and
> are being published as they are ready.
well well, according to http://lwn.net/Vulnerabilities/60820/ all the
majors linux distributors (RH, mdk, debian, etc.) execpted SuSE have
released fixed packages... And there is nothing about that threat
under http://www.suse.com/de/security/announcements/index.html yet.
Does your "within hours" means something before the end of the week?
With the exploits around (which allowed to crack of savannah.gnu.org
too), it would be nice if it could come out... :-) Otherwise I guess
we'll have to patch & fix & recompile the kernels "by hand".
Thanks & regards,
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here