Security holes in 2.4.25?

To: debian-security@lists.debian.org
Subject: Security holes in 2.4.25?
From: Micah Anderson <micah@riseup.net>
Date: Wed, 14 Apr 2004 16:16:28 -0500
Message-id: <[🔎] 20040414211628.GX7041@riseup.net>

With the rash of security gaffs in the kernel related to mmap and
mremap, does it make anyone else nervous to see the following in the
changelog for 2.4.26:

o mremap NULL pointer dereference fix

If this was a security concern, would it be noted in the changelog? 

Additionally, the 2.4.25 kernel seems to have a local root exploit for
CDROMs: http://lwn.net/Articles/80480/

micah

---- 
"Naturally, the common people don't want war, but after all, it
is the leaders of a country who determine the policy...Voice or no
voice, the people can always be brought to the bidding of the leaders.
This is easy.  All you have to do is to tell them they are being
attacked, and denounce the pacifists for lack of patriotism and
exposing the country to danger. It works the same in every country."
                                                  -- Goering, Nuremburg trial

Attachment: signature.asc
Description: Digital signature

Reply to:

Follow-Ups:
- Re: Security holes in 2.4.25?
  - From: Jeroen van Wolffelaar <jeroen@wolffelaar.nl>
- Re: Security holes in 2.4.25?
  - From: Matt Zimmerman <mdz@debian.org>

Prev by Date: Re: [SECURITY] [DSA 479-1] New Linux 2.4.18 packages fix local root exploit (source+alpha+i386+powerpc)
Next by Date: Re: logcheck.ignore entries
Previous by thread: Re: [SECURITY] [DSA 483-1] New mysql packages fix insecure temporary file creation
Next by thread: Re: Security holes in 2.4.25?
Index(es):
- Date
- Thread