Re: CAN-2005-0001, CAN-2004-1235, CAN-2004-1137, CAN-2004-1016, Georgi Guninski security advisory #72, 2004, grsecurity 2.1.0 release

[Jan Lühr <jluehr@gmx.net>]

Greetings,

Am Mittwoch, 12. Januar 2005 18:27 schrieb Sam Morris:
> Jan Lühr wrote:
> > Greetings,
> >
> > things seem to be in a rush right now, and I'm looking for a little
> > overview. In the past 1-2 months several kernel exploits rushed through
> > the news that might / can / probably will affect debian stable. However,
> > I haven't seen any signle DSA regarding the following issues: Can you
> > please give me an overview:  Which problems do affected
> > kernel-source-2,4.18? - If so, what is the current status of the
> > according DSA? Because of running an
> > terminal-Server I'd like to know, what's going on at these issues.
>
> Add CAN-2004-0554 as well--bug #261521 has been open against
> kernel-image-2.4.18-1-i386 (but not against kernel-image-2.4.18-i386)
> since July wish no updates.

Uhoh. I tend to use 4-letter words, but this would be highly inappropriate. If 
it's true, can someone from the official security / kernel team post an 
official statement on this issue, please?
It was scared, when I saw a CAN Id from 1999 in 2004 when a squid bug was 
fixed, but this quite serious.
But anyway, it's not my point to critize the work of the teams. I don't know 
how to fix it, I don't the reasons for not fixing it already.
@who-ever-is-in-charge-with this. Please state your reasons and give a view on 
comming DSAs.
   
> I believe someone posted here a few months ago asking about the bug, and
> was told that updates were being prepared--but that has not yet happened.
> :(

Release Sarge! - and I will switch to testing using the freebsd kernel. 
Hopefully, things are not that mad then :°°°°-(

keep smiling
yanosz