OpenSSL & kernel RPMs?
David Eisenstein
deisenst at gtw.net
Mon Oct 9 23:57:10 UTC 2006
hkg at chello.at wrote:
> Anybody?
>
> Hans wrote:
>
>>Hi,
>>
>>When will an RPM for FC3 fixing OpenSSL ASN.1 Remote Buffer Overflow (CVE-2006-3738) be available?
>>Also, was the local kernel vulnerability CVE-2006-3745 ever fixed for FC3 with SMP support?
>>I didn't see any announcements on http://www.fedoralegacy.org/updates/FC3/.
>>
>>thanks,
>>Hans
>
>
> thanks in advance,
> Hans

Hi Hans,

Work is being done.

* I am working with OpenSSL ASN.1 Remote Buffer Overflow (CVE-2006-3738):
  See Bugzilla #209116,
  <https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=209116>.

* There is an FC3 kernel bug open. Marc Deslauriers, who has already put
  in quite a bit of work on the FC3 kernel and submitted it for PUBLISH
  QA (which no one ever did), says new kernel issues have appeared since
  his submission of August 2nd. It needs work. See Bugzilla #200034:
  <https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=200034>.

I don't see CVE-2006-3745 among the vulnerabilities listed that have so far
been worked into an updated FC3 kernel package. Maybe it's among the new
issues that yet need to be addressed? Hans, maybe you can add the patch
for it (or at least indicate where the patch can be found in the bugzilla
ticket 200034) as a contribution to the Legacy project? It would be nice
if you do so. Thanks!

Hope this helps. -David