[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: OpenSSL & kernel RPMs?



hkg chello at wrote:
> Anybody?
> 
> Hans wrote:
> 
>>Hi,
>>
>>When will an RPM for FC3 fixing OpenSSL ASN.1 Remote Buffer Overflow (CVE-2006-3738) be available?
>>Also, was the local kernel vulnerability CVE-2006-3745 ever fixed for FC3 with SMP support?
>>I didn't see any announcements on http://www.fedoralegacy.org/updates/FC3/.
>>
>>thanks,
>>Hans
> 
> 
> thanks in advance,
> Hans

Hi Hans,

Work is being done.

  * I am working with OpenSSL ASN.1 Remote Buffer Overflow (CVE-2006-3738):
    See Bugzilla #209116,
    <https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=209116>.

  * There is a FC3 kernel bug open.  Marc Deslauriers, who has already put
    in quite a bit of work on the FC3 kernel and submitted it for PUBLISH
    QA (which no one ever did), says new kernel issues have appeared since
    his submission of August 2nd.  It needs work.  See Bugzilla #200034:
    <https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=200034>.

I don't see CVE-2006-3745 among the vulnerabilities listed that have so far
been worked into an updated FC3 kernel package.  Maybe it's among the new
issues that yet need to be addressed?  Hans, maybe you can add the patch
for it (or at least indicate where the patch can be found in the bugzilla
ticket 200034) as a contribution to the Legacy project?  It would be nice
if you do so.  Thanks!

Hope this helps.		-David


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]