Kernel vulnerability
Dave Jones
davej at redhat.com
Sun Jul 16 11:45:32 UTC 2006
On Sun, Jul 16, 2006 at 11:51:20AM +0300, Avi Kivity wrote:
> Dave Jones wrote:
> >
> >Additionally, this exploit only works with kernels compiled with support
> >for a.out style executables, which Fedora isn't. I've got an update
> >building for 2.6.17.6 anyway, just to stop the inevitable "why hasn't
> >Fedora
> >been patched" questions.
> >
>
> Maybe you should send out a "not vulnerable" advisory instead.
> Needlessly patching systems is more work for you, for admins, and for
> users, and increases the risk of unwanted breakage.
Whilst we believe we've analysed all possible attack vectors for
this bug, there is always the possibility we've missed something, so
it's better safe than sorry.
Dave
--
http://www.codemonkey.org.uk
More information about the fedora-devel-list
mailing list