[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: vmsplice bug, javascript vulnerable ?

On 03/26/2008 04:51 AM, C.T.F. Jansen wrote:
        Regarding the root compromise in Debian 4.0R1, DSA 1491-1,
relating to vserver and vmsplice. Can one disable this feature or not
enable it, without breaking the kernel or anything else ?
Is it possible for remote programs, say a website that one is browsing
with javascript turned on [shudder], to do the vserver/vmsplice root
compromise or otherwise use it to degrade the system in some way ?
Thanks in advance.

frank.jansen@actrix.gen.nz, ZL2TTS

Surely you're not talking about this:

But instead you meant to discuss this:

Debian seem to have backported the fix to their
version of Linux 2.6. If you have security.debian.org in your sources.list and you've updated, you should be safe.

I can't directly answer your question however.

Reply to: