[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] kernel do_mremap local privilege escalation vulnerability



Yes, that worried me too, as YOU was running.
However it actually installed k_deflt which is fine for my AMD K6-500
system.
I am runnung SuSE Linux 8.2.
Rebooted OK also.

I presumed the comments about a YOU update not being available ONLY related
to 8.1.

Philip

----- Original Message -----
From: "Anthony Edwards" <anthony.edwards@xxxxxxxxxxxxxx>
To: "Olaf Kirch" <okir@xxxxxxx>
Cc: <suse-security@xxxxxxxx>; "Anthony Edwards"
<anthony.edwards@xxxxxxxxxxxxxx>
Sent: Monday, January 05, 2004 10:18 PM
Subject: Re: [suse-security] kernel do_mremap local privilege escalation
vulnerability


> On Mon, Jan 05, 2004 at 07:48:03PM +0100, Olaf Kirch wrote:
> > On Mon, Jan 05, 2004 at 08:34:22PM +0200, Radu Voicu wrote:
> > > "Yes, SuSE kernels are vulnerable to this one"
> > > "No, we don't know when the patch will be available"
> > >
> > > Am I assuming right? :))
> >
> > No, the second answer is indeed "now". FTP servers should be
> > in the process of syncing them from our staging server.
>
> There is something rather odd about this update.  I have attempted
> several times to update the system automatically this evening via YOU,
> however despite:
>
> anthony@catfish:~> rpm -qf /boot/vmlinuz
> k_deflt-2.4.20-101
>
> YOU repeatedly attempts to download and install k_athlon.  Obviously,
> since this is not what I want (the system is a Pentium III 550Mhz),
> I have aborted this update before completion in each case.
>
> Does anyone know what is causing this, and what the fix might be
> (obviously I could download the k_deflt package and install it
> manually, but prefer to use YOU wherever possible)?
>
> TIA.
>
> --
> Anthony Edwards
> anthony.edwards@xxxxxxxxxxxxx
>
> --
> Check the headers for your unsubscription address
> For additional commands, e-mail: suse-security-help@xxxxxxxx
> Security-related bug reports go to security@xxxxxxx, not here
>
>


-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here