On Mon, 5 Jan 2004 13:48:56 -0200 Mario Olimpio de Menezes <[EMAIL PROTECTED]> wrote:
mas já saiu! :-) #> #> Olá, #> #> acho que já estão sabendo da última vulnerabilidade do kernel #> publicada hoje (05/01/2004). #> o mais interessante é que, algumas horas (talvez minutos) após a #> publicação, vários bugfixes já estão sendo divulgados; um deles, da #> RH, corrigindo as versões do kernel liberadas com as várias versões #> de sua distro; outros estão sendo publicados também. #> abaixo alguns "pastes" para registro: #> #> ----------------------Publicação da vulnerabilidade---------------- #> Date: Mon, 5 Jan 2004 13:30:32 +0100 (CET) #> From: Paul Starzetz <[EMAIL PROTECTED]> #> Subject: [Full-Disclosure] Linux kernel mremap vulnerability #> To: [EMAIL PROTECTED], full-disclosure@lists.netsys.com, #> bugtraq@securityfocus.com #> #> -----BEGIN PGP SIGNED MESSAGE----- #> Hash: SHA1 #> #> Synopsis: Linux kernel do_mremap local privilege escalation #> vulnerability #> Product: Linux kernel #> Version: 2.2, 2.4 and 2.6 series #> Vendor: http://www.kernel.org/ #> URL: http://isec.pl/vulnerabilities/isec-0012-mremap.txt #> CVE: #> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0985 #> Author: Paul Starzetz <[EMAIL PROTECTED]>, Wojciech Purczynski #> <[EMAIL PROTECTED]> #> Date: January 5, 2004 #> #> ----------------BugFix RedHat----------------------- #> te: Mon, 5 Jan 2004 07:54 -0500 #> From: [EMAIL PROTECTED] #> Subject: [Full-Disclosure] [RHSA-2003:417-01] Updated kernel resolves #> security vulnerability #> To: [EMAIL PROTECTED], bugtraq@securityfocus.com, #> full-disclosure@lists.netsys.com #> Cc: #> #> -----BEGIN PGP SIGNED MESSAGE----- #> Hash: SHA1 #> #> - --------------------------------------------------------------------- #> Red Hat Security Advisory #> Synopsis: Updated kernel resolves security vulnerability #> Advisory ID: RHSA-2003:417-01 #> Issue date: 2004-01-05 #> Updated on: 2004-01-05 #> Product: Red Hat Linux #> Keywords: #> Cross references: #> Obsoletes: #> CVE Names: CAN-2003-0984 #> CAN-2003-0985 #> #> ----------------BugFix EnGarde Secure Linux---------------- #> Date: Mon, 5 Jan 2004 09:19:34 -0500 (EST) #> From: EnGarde Secure Linux <[EMAIL PROTECTED]> #> Subject: [Full-Disclosure] [ESA-20040105-001] 'kernel' bug and security #> fixes. #> To: [EMAIL PROTECTED], bugtraq@securityfocus.com #> #> -----BEGIN PGP SIGNED MESSAGE----- #> Hash: SHA1 #> #> [... algumas linhas cortadas ...] #> #> #> #> This update fixes two security issues and one critical bug in the Linux #> Kernel shipped with EnGarde Secure Linux. #> #> A summary of the bugs fixed: #> #> * An EnGarde-specific memory leak in the LIDS code has been fixed. #> This memory leak could cause a machine, over time, to freeze #> up. #> #> * A security vulnerability in the mremap(2) system call #> was recently discovered by Paul Starzetz. The incorrect bounds #> checking done in this system call could be exploited by a local #> user to gain root privileges. #> #> * The Common Vulnerabilities and Exposures project (cve.mitre.org) #> has assigned the name CAN-2003-0985 to this issue. #> #> #> Agora vamos esperar o debian liberar o seu advisory e correção. #> #> -- #> Mario O.de Menezes, Ph.D. "Many are the plans in a man's heart, #> but IPEN-CNEN/SP is the Lord's purpose that prevails" #> http://www.ipen.br/~mario Prov. 19.21 #> #> #> -- #> To UNSUBSCRIBE, email to [EMAIL PROTECTED] #> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] -- Rogério Neves Batata ([EMAIL PROTECTED]) Companhia de Informática do Paraná - Celepar Linux User #87955 /"\ \ / Campanha da fita ASCII - contra mail html X ASCII ribbon campaign - against html mail / \