[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] kernel do_mremap local privilege escalation vulnerability

-----Original Message-----
From: Anthony Edwards <anthony.edwards@xxxxxxxxxxxxxx>
To: Olaf Kirch <okir@xxxxxxx>
Cc: suse-security@xxxxxxxx, Anthony Edwards <anthony.edwards@xxxxxxxxxxxxxx>
Date: Mon, 5 Jan 2004 22:18:44 +0000
Subject: Re: [suse-security] kernel do_mremap local privilege escalation

> On Mon, Jan 05, 2004 at 07:48:03PM +0100, Olaf Kirch wrote:
> > On Mon, Jan 05, 2004 at 08:34:22PM +0200, Radu Voicu wrote:
> > > "Yes, SuSE kernels are vulnerable to this one"
> > > "No, we don't know when the patch will be available"
> > > 
> > > Am I assuming right? :))
> > 
> > No, the second answer is indeed "now". FTP servers should be
> > in the process of syncing them from our staging server.
> There is something rather odd about this update.  I have attempted
> several times to update the system automatically this evening via YOU,
> however despite:
> anthony@catfish:~> rpm -qf /boot/vmlinuz
> k_deflt-2.4.20-101
> YOU repeatedly attempts to download and install k_athlon.  Obviously,
> since this is not what I want (the system is a Pentium III 550Mhz),
> I have aborted this update before completion in each case.

If you look at the actual file that it is downloading you will see that it
is the one that pertains to your currently running kernel.

I knew the packager screwed up by putting a name with the description. Why
not just call it kernel update instead of k_athlon update!


Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here