Gentoo Archives: gentoo-security

From: kerin@×××××××××××××××.net
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] new kernel vulnerability in 2.2, 2.4 and 2.6 series
Date: Mon, 05 Jan 2004 18:17:47
Message-Id: 33222.10.0.0.133.1073326498.squirrel@serve.r2r.local
In Reply to: Re: [gentoo-security] new kernel vulnerability in 2.2, 2.4 and 2.6 series by Mike Frysinger
On Mon, 5 Jan 2004 12:55:11 -0500
Mike Frysinger <vapier@g.o> wrote:

> all kernels in portage should already be patched against do_brk() ... > read the ChangeLog
In fact, I believe the redhat-sources are still vulnerable. The explanation I got was that they're "not maintained". My opinion is quite simply that they should be patched or scrubbed - but not left as they are. As far as I know, they are the only sources that have been left in this condition (last update 03 Oct 2003). --Kerin Millar -- gentoo-security@g.o mailing list