[SECURITY] Updated Fedora Core 1 kernel packages.
Alexander Dalloz
alexander.dalloz at uni-bielefeld.de
Fri Dec 5 18:59:04 UTC 2003
Am Fr, den 05.12.2003 schrieb Leonard den Ottolander um 19:32:
> Hi Alex,
>
> > > How about the do_brk() vulnerability that was fixed for the Red Hat Linux
> > > kernels? Is the Fedora kernel not vulnerable for this overflow?
> >
> > It is not vulnerable.
>
> Why is that? It is a 2.4.22 kernel.
>
> Bye,
> Leonard.
See Jacub's answer from Tuesday this week on this list:
On Tue, Dec 02, 2003 at 03:22:27PM -0500, Henry Hartley wrote:
>
> I have a RH9 machine that hasn't been upgraded to FC1 yet as well as
three
> FC1 machines. I just got an Errata Alert from Red Hat about a 2.4
kernal
> fix for a privilege escalation security vulnerability
(RHSA-2003:392-05 /
> CAN-2003-0961). Does this apply to the 2.4.22 kernel in FC1 and if
so, is
> there a fix for this in the Fedora repositories? I haven't seen
anything in
> fedora-announce. Or do I just need to be a bit more patient?
2.4.22-1.2115.nptl kernel in FC1 is not vulnerable to this issue.
See linux-2.4.18-smallpatches.patch patch in
kernel-2.4.22-1.2115.nptl.src.rpm (mm/mmap.c change).
Jakub
Alexander
--
Alexander Dalloz | Enger, Germany
PGP key valid: made 13.07.1999
PGP fingerprint: 2307 88FD 2D41 038E 7416 14CD E197 6E88 ED69 5653
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20031205/e5f1948c/attachment-0001.sig>
More information about the fedora-list
mailing list