Last week there was a BIND vulnerability fix. I figured the fixes for RH should at least have been released already but they are not. Nor have I found mention in Fedora's lists. For now I've compiled from sources until fixed rpms are available.
Earlier today Debian released updated kernel fixes that fix a user-space vulnerability in the kernel. What's weird is this was already noted and fixed in the 2.4.23 kernel (found in September). The current kernel does not appear to have this patch that addresses the do_brk() function in mmap.c (although there are arguments on some lists as to whether the 2.4.18-mmap-sem-debug.patch addressed this in the past).
I've already unsubscribed from the RH lists and moved to this one but I know some RH people help out a lot here.
Is there any information on when these patches will be coming out?
Also, since the kernel security issue was fixed in the 2.4.23 kernel in September, was there a reason for it not being backported already?
Thanks,
Greg
On Mon, 2003-12-01 at 18:18, fedora wrote:
> Last week there was a BIND vulnerability fix. I figured the fixes for RH
There was? For BIND 9? Do you have a reference?
Last BIND update I see was a maintenance release of 9.2.3 in October, and I can't seem to find anything in CERT's database.
> Also, since the kernel security issue was fixed in the 2.4.23 kernel in September, was there a reason for it not being backported already?
I would like to see a kernel with the do_brk() patch, but 2.4.23 only came out a few days ago, not in September.
On Tue, 2003-12-02 at 01:30, Joshua Penix wrote:
> I would like to see a kernel with the do_brk() patch, but 2.4.23 only came out a few days ago, not in September.
FC1 isn't vulnerable. RHL 7/8/9 kernels will be coming soon.
Dave
fedora (fedora@packetstorm.org) said:
> Last week there was a BIND vulnerability fix.
For BIND 8, yes. Fedora Core ships with BIND 9. Unless you're talking about a different fix from last week.
> Earlier today Debian released updated kernel fixes that fix a user-space vulnerability in the kernel. What's weird is this was already noted and fixed in the 2.4.23 kernel (found in September). The current kernel does not appear to have this patch that addresses the do_brk() function in mmap.c (although there are arguments on some lists as to whether the 2.4.18-mmap-sem-debug.patch addressed this in the past).
The Fedora Core 1 kernel is not vulnerable to this issue, AFAIK.
Bill
> For BIND 8, yes. Fedora Core ships with BIND 9. Unless you're talking about a different fix from last week.
Ah yeah, that's a good point on why I haven't seen a patch. :) I've got a few customers on Sparcs forced to still run the 8.x branch due to some internal dependencies and I already recompiled from sources and fixed them. For some reason I thought it was all versions of BIND, thanks for the clarification on that. Since BIND 9 ships with RH, there's no wonder there's not a fix for RH for BIND 8 :)
-Greg
Administration is very tricky.
Bob
fedora wrote:
>> For BIND 8, yes. Fedora Core ships with BIND 9. Unless you're talking about a different fix from last week.
> Ah yeah, that's a good point on why I haven't seen a patch. :) I've got a few customers on Sparcs forced to still run the 8.x branch due to some internal dependencies and I already recompiled from sources and fixed them. For some reason I thought it was all versions of BIND, thanks for the clarification on that. Since BIND 9 ships with RH, there's no wonder there's not a fix for RH for BIND 8 :)
> -Greg
On Tue, 02.12.2003 at 03:18, fedora wrote:
> Last week there was a BIND vulnerability fix. I figured the fixes for RH should at least have been released already but they are not. Nor have I found mention in Fedora's lists. For now I've compiled from sources until fixed rpms are available.
> Earlier today Debian released updated kernel fixes that fix a user-space vulnerability in the kernel. What's weird is this was already noted and fixed in the 2.4.23 kernel (found in September). The current kernel does not appear to have this patch that addresses the do_brk() function in mmap.c (although there are arguments on some lists as to whether the 2.4.18-mmap-sem-debug.patch addressed this in the past).
> I've already unsubscribed from the RH lists and moved to this one but I know some RH people help out a lot here.
> Is there any information on when these patches will be coming out?
> Also, since the kernel security issue was fixed in the 2.4.23 kernel in September, was there a reason for it not being backported already?
> Thanks,
> Greg
https://rhn.redhat.com/errata/RHSA-2003-392.html
Alexander