acho difícil alguém bater esta velocidade!

To: Debian Users Portuguese <debian-user-portuguese@lists.debian.org>
Subject: acho difícil alguém bater esta velocidade!
From: Mario Olimpio de Menezes <mario@curiango.ipen.br>
Date: Mon, 5 Jan 2004 13:48:56 -0200
Message-id: <[🔎] 20040105154856.GC2792@curiango.ipen.br>
Mail-followup-to: Mario Olimpio de Menezes <mario@curiango.ipen.br>, Debian Users Portuguese <debian-user-portuguese@lists.debian.org>

Olá,

    acho que já estão sabendo da última vulnerabilidade do kernel
publicada hoje (05/01/2004).
    o mais interessante é que, algumas horas (talvez minutos) após a
publicação, vários bugfixes já estão sendo divulgados; um deles, da
RH, corrigindo as versões do kernel liberadas com as várias versões
de sua distro; outros estão sendo publicados também.
    abaixo alguns "pastes" para registro:

----------------------Publicação da vulnerabilidade----------------
Date: Mon, 5 Jan 2004 13:30:32 +0100 (CET)
From: Paul Starzetz <ihaquer@isec.pl>
Subject: [Full-Disclosure] Linux kernel mremap vulnerability
To: vulnwatch@vulnwatch.org, full-disclosure@lists.netsys.com,
        bugtraq@securityfocus.com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Synopsis:  Linux kernel do_mremap local privilege escalation
vulnerability
Product:   Linux kernel
Version:   2.2, 2.4 and 2.6 series
Vendor:    http://www.kernel.org/
URL:       http://isec.pl/vulnerabilities/isec-0012-mremap.txt
CVE:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0985
Author:    Paul Starzetz <ihaquer@isec.pl>, Wojciech Purczynski
           <cliph@isec.pl>
Date:      January 5, 2004

----------------BugFix RedHat-----------------------
te: Mon, 5 Jan 2004 07:54 -0500
From: bugzilla@redhat.com
Subject: [Full-Disclosure] [RHSA-2003:417-01] Updated kernel resolves
security vulnerability
To: redhat-watch-list@redhat.com, bugtraq@securityfocus.com,
    full-disclosure@lists.netsys.com
Cc:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory
Synopsis:          Updated kernel resolves security vulnerability
Advisory ID:       RHSA-2003:417-01
Issue date:        2004-01-05
Updated on:        2004-01-05
Product:           Red Hat Linux
Keywords:
Cross references:
Obsoletes:
CVE Names:         CAN-2003-0984
CAN-2003-0985

----------------BugFix EnGarde Secure Linux----------------
Date: Mon, 5 Jan 2004 09:19:34 -0500 (EST)
From: EnGarde Secure Linux <security@guardiandigital.com>
Subject: [Full-Disclosure] [ESA-20040105-001] 'kernel' bug and security
fixes.
To: engarde-security@guardiandigital.com, bugtraq@securityfocus.com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[... algumas linhas cortadas ...]



This update fixes two security issues and one critical bug in the Linux
Kernel shipped with EnGarde Secure Linux.
  
 A summary of the bugs fixed:
    
    * An EnGarde-specific memory leak in the LIDS code has been fixed.
          This memory leak could cause a machine, over time, to freeze
	  up.

    * A security vulnerability in the mremap(2) system call
      was recently discovered by Paul Starzetz.  The incorrect bounds
      checking done in this system call could be exploited by a local 
      user to gain root privileges.

    * The Common Vulnerabilities and Exposures project (cve.mitre.org)
      has assigned the name CAN-2003-0985 to this issue.
					    

  Agora vamos esperar o debian liberar o seu advisory e correção.
 
--
Mario O.de Menezes, Ph.D.  "Many are the plans in a man's heart,
    but IPEN-CNEN/SP is the Lord's purpose that prevails"
http://www.ipen.br/~mario Prov. 19.21

Reply to:

Follow-Ups:
- Re: acho difícil alguém bater esta velocidade!
  - From: Rogério Neves Batata <batata@pr.gov.br>

Prev by Date: Re:Masquerading - nat
Next by Date: Re: ao moderador desta lista
Previous by thread: Re:Masquerading - nat
Next by thread: Re: acho difícil alguém bater esta velocidade!
Index(es):
- Date
- Thread