Re: RHN icon problem [this response is regarding the CAN-2005-1263 question]

["bob" <sdcbob sbcglobal net>]

Question in the meantime, does everyone else use up2date for there kernel 
upgrades or the majority ?
On my slackware boxes i install them manually so when this bug came out i 
just patch -p0 >>
With this backported kernel can you do the same? Ive only ran this redhat 
box for over 2months now just
now getting the hang of it, Havnt seen a redhat box since 5.1 oh the changes 
=)

-bob

----- Original Message ----- 
From: "Stephen Gardner" <stephen-rhel uk org>
To: "Discussion of Red Hat Enterprise Linux 3 (Taroon)" 
<taroon-list redhat com>
Sent: Wednesday, May 11, 2005 7:40 PM
Subject: Re: RHN icon problem [this response is regarding the CAN-2005-1263 
question]


> On Wed, 11 May 2005, bob wrote:
>
> > i know this is off the topic but
> > Synopsis:  Linux kernel ELF core dump privilege elevation
> > Product:   Linux kernel
> > Version:   2.2 up to and including 2.2.27-rc2, 2.4 up to and including
> >         2.4.31-pre1, 2.6 up to and including 2.6.12-rc4
> > Vendor:    http://www.kernel.org/
> > URL:       http://isec.pl/vulnerabilities/isec-0023-coredump.txt
> > CVE:       CAN-2005-1263
> > Severity:  local(9)
> > Author:    Paul Starzetz <ihaquer isec pl>
> > Date:      May 11, 2005
> >
> > when will up2date have a fix for this ?
> >
> > -bob
>
> Bob,
>   This went into Bugzilla (id: 157451) shortly after it was posted. A 
> RHEL4 bug was opened (id:157450) with a source patch. 6 hours later Ernie 
> Petrides posted a backported patch (internally from what I can tell) for 
> review. Looks like this is very much a priority patch judging by the 
> progress so far and I doubt it'll take long to emerge as a new kernel 
> package.
>
> Regards,
>    Stephen
>
> --
> Taroon-list mailing list
> Taroon-list redhat com
> http://www.redhat.com/mailman/listinfo/taroon-list