Re: vmsplice bug, javascript vulnerable ?

To: Debian User List <debian-user@lists.debian.org>
Subject: Re: vmsplice bug, javascript vulnerable ?
From: "Mumia W.." <paduille.4061.mumia.w+nospam@earthlink.net>
Date: Wed, 26 Mar 2008 07:33:49 -0500
Message-id: <[🔎] 47EA42AD.8070101@earthlink.net>
In-reply-to: <[🔎] 47EA1C9D.4050401@actrix.gen.nz>
References: <[🔎] 47EA1C9D.4050401@actrix.gen.nz>

On 03/26/2008 04:51 AM, C.T.F. Jansen wrote:

Greetings,
        Regarding the root compromise in Debian 4.0R1, DSA 1491-1,
relating to vserver and vmsplice. Can one disable this feature or not
enable it, without breaking the kernel or anything else ?
Is it possible for remote programs, say a website that one is browsing
with javascript turned on [shudder], to do the vserver/vmsplice root
compromise or otherwise use it to degrade the system in some way ?
Thanks in advance.

frank.jansen@actrix.gen.nz, ZL2TTS


Surely you're not talking about this:
http://www.debian.org/security/2008/dsa-1491

But instead you meant to discuss this:
http://www.debian.org/security/2008/dsa-1494

Debian seem to have backported the fix to their

version of Linux 2.6. If you have security.debian.org in yoursources.list and you've updated, you should be safe.


I can't directly answer your question however.

Reply to:

References:
- vmsplice bug, javascript vulnerable ?
  - From: "C.T.F. Jansen" <frank.jansen@actrix.gen.nz>

Prev by Date: Re: Adobe acroread upgrade breaks links, and a FIX
Next by Date: Re: Tunnel iceweasel?
Previous by thread: vmsplice bug, javascript vulnerable ?
Next by thread: Re: vmsplice bug, javascript vulnerable ?
Index(es):
- Date
- Thread