[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: status of getting security fixes into sarge

[Cc'ing debian-kernel for clarification]

Joey Hess wrote:
> Here are the ones the testing security team is currently tracking
> that are fixed in unstable but don't yet have a fix in sarge, plus a few
> others of interest:

It seems as if the local DoS in the a.out loader (only exploitable when
VM memory overcommitment is turned on) is still unfixed in kernel-source-
The changelog for 2.6.8-9 mentions another unrelated elf/a.out vulnarability,
but I can't find the proposed patch by Chris Wright in the diff.gz, so maybe
this has slipped through until now or fixed in a different way, I don't know:


Reply to: