Re: Security holes in 2.4.25?

To: debian-security@lists.debian.org
Subject: Re: Security holes in 2.4.25?
From: Matt Zimmerman <mdz@debian.org>
Date: Sun, 18 Apr 2004 09:44:00 -0700
Message-id: <[🔎] 20040418164400.GU12830@alcor.net>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] 20040414211628.GX7041@riseup.net>
References: <[🔎] 20040414211628.GX7041@riseup.net>

On Wed, Apr 14, 2004 at 04:16:28PM -0500, Micah Anderson wrote:

> With the rash of security gaffs in the kernel related to mmap and
> mremap, does it make anyone else nervous to see the following in the
> changelog for 2.4.26:
> 
> o mremap NULL pointer dereference fix
> 
> If this was a security concern, would it be noted in the changelog? 

Not generally, no.  The kernel maintainers are notorious for obscuring such
things.

> Additionally, the 2.4.25 kernel seems to have a local root exploit for
> CDROMs: http://lwn.net/Articles/80480/

See DSA-479.

-- 
 - mdz

Reply to:

References:
- Security holes in 2.4.25?
  - From: Micah Anderson <micah@riseup.net>

Prev by Date: Re: syslog.conf question
Next by Date: Re: suid
Previous by thread: Re: Security holes in 2.4.25?
Next by thread: Latest kernel security upgrade in woody is BROKEN! DO NOT INSTALL!
Index(es):
- Date
- Thread