Fwd: Linux Broadcom 5820 Cryptonet Driver Integer Overflow
Jesse Keating
jkeating at j2solutions.net
Fri Jul 2 14:37:45 UTC 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Friday 02 July 2004 07:14, Dominic Hargreaves wrote:
> It shouldn't be allowed to delay the release of 35.x. What is the fsync
> problem, anyway? I can't find any reference to it with a quick google.
No, but the newly announced CVE should delay the release:
During an audit of the Linux kernel, SUSE discovered a flaw that allowed
a user to make unauthorized changes to the group ID of files in certain
circumstances. In the 2.4 kernel, as shipped with Fedora Core 1,
the only way this could happen is through the kernel nfs server.
A user on a system that mounted a remote file system from a vulnerable
machine may be able to make unauthorized changes to the group ID of
exported files. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0497 to this issue.
Only Fedora Core 1 systems that are configured to share
file systems via NFS are affected by this issue.
- --
Jesse Keating RHCE (http://geek.j2solutions.net)
Fedora Legacy Team (http://www.fedoralegacy.org)
GPG Public Key (http://geek.j2solutions.net/jkeating.j2solutions.pub)
Was I helpful? Let others know:
http://svcs.affero.net/rm.php?r=jkeating
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFA5XM54v2HLvE71NURAvJHAKCZovEFYj815VVyGMsT8MogZB2eTACdFshy
F+nd5R3ydiO0wovtOw+OqVs=
=hBwS
-----END PGP SIGNATURE-----
More information about the fedora-legacy-list
mailing list