Gentoo Archives: gentoo-security

From: Viktors Rotanovs <Viktors@××××××××.com>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] Kernel-related GLSA lag
Date: Tue, 02 Mar 2004 09:41:23
In Reply to: [gentoo-security] Kernel-related GLSA lag by Koon
1 Koon wrote:
2 > From what I know, the GLSA announcing the Feb 18 do_mremap kernel
3 > vulnerability is still not out, though most (if not all) of the packages
4 > implementing the correction are available in portage. I think we've a
5 > problem here which should be addressed.
7 The situation is even worse, after Feb 18 there was plenty of time to
8 release GLSA, but yesterday public exploit was posted on BUGTRAQ and now
9 systems can be cracked even by script kiddies in minutes. Just imagine
10 how bad it can be for web servers hosting phpBB and other web
11 applications with awful security history.
13 Since writing GLSA takes some precious time, would it be better to mark
14 security-related ebuilds as such and just give a link to original advisory?
16 > - Koon
18 Best Wishes,
19 Viktors
22 --
23 gentoo-security@g.o mailing list


Subject Author
Re: [gentoo-security] Kernel-related GLSA lag Koon <koon@××××××.net>