From: Vincent Danen (vdanenmandrakesoft.com)
Date: Tue Feb 13 2001 - 12:24:21 CST

    On Tue Feb 13, 2001 at 10:40:33AM -0500, Matthew Micene wrote:

    > There has been traffic on the bugtraq mailing list about three
    > vulnerabilities in the kernel that is distributed by various vendors
    > (Immunix and RedHat are the two I have found so far) as well as an
    > explanation by Chris Evans on Feb. 9. As of yet I have seen nothing from
    > Mandrake about whether or not this is a problem for the distros we use.
    > Is there an official party line about the sysctl() call vulnerability yet?
    > Are there any recommendations concerning this vulnerability?
    >
    > Thanks for the time

    Yes, Mandrake is vulnerable. Every kernel is vulnerable, from every
    vendor. This is a problem in the kernel itself.

    A fix is being worked on. You can understand this is a little time
    consuming due to the number of problems that can come from a hasty
    kernel update. It is taking a little longer because we want to ensure
    that the kernels work properly before making them available.

    Since this is a local vulnerability, you should not have to worry
    about it unless your system is already compromised, but updated
    kernels will be available this week.

    -- 
    vdanenmandrakesoft.com, OpenPGP key available on www.keyserver.net
    1024D/FE6F2AFD   88D8 0D23 8D4B 3407 5BD7  66F9 2043 D0E5 FE6F 2AFD
     - Danen Consulting Services    www.danen.net, www.freezer-burn.org
     - MandrakeSoft, Inc. Security  www.linux-mandrake.com
    

    Current Linux kernel 2.4.1-5mdk uptime: 3 days 9 hours 47 minutes.