Re: I think it will be hard for anyone to beat this speed!
On Mon, 5 Jan 2004 13:48:56 -0200
Mario Olimpio de Menezes <mario@curiango.ipen.br> wrote:
but it's already out! :-)
#>
#> Hello,
#>
#> I think you already know about the latest kernel vulnerability
#> published today (05/01/2004).
#> The most interesting part is that, a few hours (maybe minutes) after the
#> publication, several bugfixes are already being announced; one of them, from
#> RH, fixes the kernel versions released with the various versions
#> of its distro; others are being published as well.
#> Below are some "pastes" for the record:
#>
#> ----------------------Vulnerability publication----------------
#> Date: Mon, 5 Jan 2004 13:30:32 +0100 (CET)
#> From: Paul Starzetz <ihaquer@isec.pl>
#> Subject: [Full-Disclosure] Linux kernel mremap vulnerability
#> To: vulnwatch@vulnwatch.org, full-disclosure@lists.netsys.com,
#> bugtraq@securityfocus.com
#>
#> -----BEGIN PGP SIGNED MESSAGE-----
#> Hash: SHA1
#>
#> Synopsis: Linux kernel do_mremap local privilege escalation
#> vulnerability
#> Product: Linux kernel
#> Version: 2.2, 2.4 and 2.6 series
#> Vendor: http://www.kernel.org/
#> URL: http://isec.pl/vulnerabilities/isec-0012-mremap.txt
#> CVE:
#> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0985
#> Author: Paul Starzetz <ihaquer@isec.pl>, Wojciech Purczynski
#> <cliph@isec.pl>
#> Date: January 5, 2004
#>
#> ----------------BugFix RedHat-----------------------
#> Date: Mon, 5 Jan 2004 07:54 -0500
#> From: bugzilla@redhat.com
#> Subject: [Full-Disclosure] [RHSA-2003:417-01] Updated kernel resolves
#> security vulnerability
#> To: redhat-watch-list@redhat.com, bugtraq@securityfocus.com,
#> full-disclosure@lists.netsys.com
#> Cc:
#>
#> -----BEGIN PGP SIGNED MESSAGE-----
#> Hash: SHA1
#>
#> - ---------------------------------------------------------------------
#> Red Hat Security Advisory
#> Synopsis: Updated kernel resolves security vulnerability
#> Advisory ID: RHSA-2003:417-01
#> Issue date: 2004-01-05
#> Updated on: 2004-01-05
#> Product: Red Hat Linux
#> Keywords:
#> Cross references:
#> Obsoletes:
#> CVE Names: CAN-2003-0984
#> CAN-2003-0985
#>
#> ----------------BugFix EnGarde Secure Linux----------------
#> Date: Mon, 5 Jan 2004 09:19:34 -0500 (EST)
#> From: EnGarde Secure Linux <security@guardiandigital.com>
#> Subject: [Full-Disclosure] [ESA-20040105-001] 'kernel' bug and security
#> fixes.
#> To: engarde-security@guardiandigital.com, bugtraq@securityfocus.com
#>
#> -----BEGIN PGP SIGNED MESSAGE-----
#> Hash: SHA1
#>
#> [... some lines cut ...]
#>
#>
#>
#> This update fixes two security issues and one critical bug in the Linux
#> Kernel shipped with EnGarde Secure Linux.
#>
#> A summary of the bugs fixed:
#>
#> * An EnGarde-specific memory leak in the LIDS code has been fixed.
#> This memory leak could cause a machine, over time, to freeze
#> up.
#>
#> * A security vulnerability in the mremap(2) system call
#> was recently discovered by Paul Starzetz. The incorrect bounds
#> checking done in this system call could be exploited by a local
#> user to gain root privileges.
#>
#> * The Common Vulnerabilities and Exposures project (cve.mitre.org)
#> has assigned the name CAN-2003-0985 to this issue.
#>
#>
#> Now let's wait for Debian to release its advisory and fix.
#>
#> --
#> Mario O.de Menezes, Ph.D. "Many are the plans in a man's heart,
#> but IPEN-CNEN/SP is the Lord's purpose that prevails"
#> http://www.ipen.br/~mario Prov. 19.21
#>
#>
--
Rogério Neves Batata (batata@pr.gov.br)
Companhia de Informática do Paraná - Celepar Linux User #87955
/"\
\ / Campanha da fita ASCII - contra mail html
X ASCII ribbon campaign - against html mail
/ \