[<prev] [next>] [<thread-prev] [thread-next>] [month] [year] [list]
Date: Wed, 21 Apr 2004 20:04:41 +0400
From: Solar Designer <solar@...nwall.com>
To: owl-users@...ts.openwall.com
Subject: Re: Linux 2.4.26-ow1, 2.0.40-ow1; new Owl ISO; Owl 1.1-stable
Hi,
Sorry for my delayed response on this.
On Wed, Apr 21, 2004 at 02:22:11PM +0200, Tomasz Grabowski wrote:
> > There're no known major security fixes added with Linux 2.4.26.
>
> Yesterday, I found this advisory:
> http://isec.pl/vulnerabilities/isec-0015-msfilter.txt
Yes, -- and it came out only yesterday.
A question for which I and many others do not have a good answer yet
is why this one wasn't properly propagated to the Linux distribution
vendors (even the biggest ones did not receive proper advance
notification this time) while getting fixed in the mainstream kernel.
But I want to resolve this in private discussions rather than
speculate about it.
> It states that there is a serious security hole in 2.4.25 kernel.
> So, is 2.4.25-ow1 kernel immune to this vulnerabilty?
Unfortunately, no.
You really need to update to Linux 2.4.26-ow1.
--
Alexander Peslyak <solar@...nwall.com>
GPG key ID: B35D3598 fp: 6429 0D7E F130 C13E C929 6447 73C3 A290 B35D 3598
http://www.openwall.com - bringing security into open computing environments
[ CONTENT OF TYPE application/pgp-signature SKIPPED ]
Hosted by DataForce ISP -
Powered by Openwall GNU/*/Linux