vuln needs investigation and need a new form
seth vidal
skvidal at phy.duke.edu
Mon Jan 12 18:34:42 UTC 2004
On Mon, 2004-01-12 at 12:29, Jason wrote:
> On Mon, Jan 12, 2004 at 09:14:28AM -0800, Jesse Keating wrote:
> Content-Description: signed data
> > On Monday 12 January 2004 08:53, Jason wrote:
> > > Seth posted a src.rpm to the list a week or so ago for cvs to fix a
> > > more serious root exploit vuln. I was in the process of verifying it
> > > to submit to the bugzilla, so I can check this out as well and patch
> > > it in.
> >
> > You know what? I wonder if this is the same vuln.... I could be just
> > cracked in the head.
>
> It's not .. one is a directory creation problem.. and one is a broken
> switch_to_user routine, allowing switching to the root user.
>
killed the old patch, applied the one from the rh9 errata, now both bugs
have been treated.
posted at:
http://linux.duke.edu/~skvidal/RPMS/cvs/
-sv
More information about the fedora-legacy-list
mailing list