Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 21 Apr 2004 20:04:41 +0400
From: Solar Designer <solar@...nwall.com>
To: owl-users@...ts.openwall.com
Subject: Re: Linux 2.4.26-ow1, 2.0.40-ow1; new Owl ISO; Owl 1.1-stable

Hi,

Sorry for my delayed response on this.

On Wed, Apr 21, 2004 at 02:22:11PM +0200, Tomasz Grabowski wrote:
> > There're no known major security fixes added with Linux 2.4.26.
> 
> Yesterday, I found this advisory:
> http://isec.pl/vulnerabilities/isec-0015-msfilter.txt

Yes, -- and it came out only yesterday.

A question for which I and many others do not have a good answer yet
is why this one wasn't properly propagated to the Linux distribution
vendors (even the biggest ones did not receive proper advance
notification this time) while getting fixed in the mainstream kernel.
But I want to resolve this in private discussions rather than
speculate about it.

> It states that there is a serious security hole in 2.4.25 kernel.
> So, is 2.4.25-ow1 kernel immune to this vulnerabilty?

Unfortunately, no.

You really need to update to Linux 2.4.26-ow1.

-- 
Alexander Peslyak <solar@...nwall.com>
GPG key ID: B35D3598  fp: 6429 0D7E F130 C13E C929  6447 73C3 A290 B35D 3598
http://www.openwall.com - bringing security into open computing environments

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.