[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Faille du noyau Linux

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

hého a écrit :
> Allaedine El Banna a écrit, le 05.11.2009 21:11 :
>> il semble qu'il suffise désormais de mettre à jour sa Debian Lenny pour 
>> ne plus subir ce trou de sécurité (annonce DSA 1927-1).

Non : comme c'est écrit en début de DSA : ce sera pour 5.0.4, et il y a
un lien pour combler la faille localement...

- ----------------------------------------------------------------------
Debian Security Advisory DSA-1927-1                security@debian.org
http://www.debian.org/security/                           dann frazier
November 5, 2009                    http://www.debian.org/security/faq
- ----------------------------------------------------------------------

Package        : linux-2.6
Vulnerability  : privilege escalation/denial of service/sensitive memory
leak
Problem type   : local
Debian-specific: no
CVE Id(s)      : CVE-2009-3228 CVE-2009-3238 CVE-2009-3547 CVE-2009-3612
                 CVE-2009-3620 CVE-2009-3621 CVE-2009-3638

Notice: Debian 5.0.4, the next point release of Debian 'lenny', will
include a new default value for the mmap_min_addr tunable.  This
change will add an additional safeguard against a class of security
vulnerabilities known as "NULL pointer dereference" vulnerabilities,
but it will need to be overridden when using certain applications.
Additional information about this change, including instructions for
making this change locally in advance of 5.0.4 (recommended), can be
found at:
  http://wiki.debian.org/mmap_min_addr

[...]

Amicalement

David
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkrzXHgACgkQ18/WetbTC/rtaQCeJa5R9DuKKO0eDoV4pHJSyVmh
EdcAniMPwnvYVuAA0ktf1rWmbXCnOGbo
=eb6/
-----END PGP SIGNATURE-----
Reply to: