|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Red Hat IA64 products still missing fixes for the ptrace vs kmod vulnerability
From: Christoph Hellwig (hch
infradead.org)
Date: Wed Apr 30 2003 - 06:28:57 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
It seems redhat still hasn't manged to make any of their IA64 products
immune against CAN-2003-0127.
For RH AS2.1 (and it's crippled corporate newspeak variations) a kernel
errata was released only for x86 but noa IA64, as in
https://rhn.redhat.com/errata/RHSA-2003-103.html
for RH 7.x on IA64 there was an kernel updated released, 2.4.9-41 whos
only change over the previous version is the addition of a patch,
linux-2.4.9-ptrace-harden.patch that seems to fix this exploit, but
if you look at the specfile this patch isn't actually applied as part
of the build process ( note the comment in the %patch line!):
# harden ptrace
# %patch2480 -p1
I have informed Red Hat about this shortly after the package was released
and was told this has been forwarded to the responsible maintainer, but
nothing has happened yet..
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]