Gentoo Forums
2.4.28
fjcostanza
n00b

Joined: 25 Feb 2005
Posts: 3

Posted: Wed Mar 02, 2005 12:34 pm    Post subject: 2.4.28

Is the vulnerability in http://isec.pl/vulnerabilities/isec-0021-uselib.txt mentioned in any GLSA? I cannot find it anywhere. The latest stable 2.4 kernel in vanilla-sources is 2.4.28 which would be vulnerable to this problem. 2.4.29 addresses the vulnerability, but this is still in ~arch.

How would Gentoo users find out about kernel vulnerabilities if they are not listed in the GLSAs?
Koon
Retired Dev

Joined: 10 Dec 2002
Posts: 518

Posted: Fri Mar 04, 2005 3:08 pm    Post subject: Re: 2.4.28

fjcostanza wrote:
Is the vulnerability in http://isec.pl/vulnerabilities/isec-0021-uselib.txt mentioned in any GLSA? I cannot find it anywhere. The latest stable 2.4 kernel in vanilla-sources is 2.4.28 which would be vulnerable to this problem. 2.4.29 addresses the vulnerability, but this is still in ~arch.

How would Gentoo users find out about kernel vulnerabilities if they are not listed in the GLSAs?


We are currently changing how kernel security fixes get communicated to our users. We don't publish GLSAs for kernel fixes anymore because they were always too late. They will be replaced by a live information system to get alerts and global information on all current flaws and fixes called KISS. In the meantime (hopefully it will be ready very soon), we post to the gentoo-security mailing-list information on major fixes, and now I realize it should be a good idea to post it here too:

Quote:
As of today the following kernel sources are free of serious kernel vulnerabilities (serious being remote root, remote DoS or local root):

- gentoo-sources / gentoo-dev-sources
- hardened-sources / hardened-dev-sources
- grsec-sources
- ck-sources

Use of the latest version of one of these sources is highly recommended in any security-sensitive setting.

Several others should be fixed soon, as they are currently only vulnerable to one serious vulnerability (the i386 SMP page fault handler privilege escalation, bug 77666):

- ac-sources
- sparc-sources
- uclinux-sources
- usermode-sources
- win4lin-sources
- wolk-sources
- xbox-sources


Hope this helps,

- Koon / Gentoo Linux Security
All times are GMT