Am Fr, den 05.12.2003 schrieb Leonard den Ottolander um 19:32:
> Hi Alex,
>
> > > How about the do_brk() vulnerability that was fixed for the Red Hat Linux
> > > kernels? Is the Fedora kernel not vulnerable for this overflow?
> >
> > It is not vulnerable.
>
> Why is that? It is a 2.4.22 kernel.
>
> Bye,
> Leonard.
See Jacub's answer from Tuesday this week on this list:
On Tue, Dec 02, 2003 at 03:22:27PM -0500, Henry Hartley wrote:
>
> I have a RH9 machine that hasn't been upgraded to FC1 yet as well as
three
> FC1 machines. I just got an Errata Alert from Red Hat about a 2.4
kernal
> fix for a privilege escalation security vulnerability
(RHSA-2003:392-05 /
> CAN-2003-0961). Does this apply to the 2.4.22 kernel in FC1 and if
so, is
> there a fix for this in the Fedora repositories? I haven't seen
anything in
> fedora-announce. Or do I just need to be a bit more patient?
2.4.22-1.2115.nptl kernel in FC1 is not vulnerable to this issue.
See linux-2.4.18-smallpatches.patch patch in
kernel-2.4.22-1.2115.nptl.src.rpm (mm/mmap.c change).
Jakub
Alexander
--
Alexander Dalloz | Enger, Germany
PGP key valid: made 13.07.1999
PGP fingerprint: 2307 88FD 2D41 038E 7416 14CD E197 6E88 ED69 5653
Attachment:
signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil
