Antonio Olivares writes:
Dear all,There has been a bug in the kernel with a buffer overflow in kernel,\begin{quote} A remote buffer overflow vulnerability in the Linux Kernel could be exploited by attackers to execute code or cripple affected systems, according to a Gentoo bug report that just became public. The flaw could allow malicious hackers to launch arbitrary code with kernel-level privileges. This could lead to complete system compromise or, in some cases if an exploit fails, result in denial-of-service attacks. \end{quote}More at http://blogs.zdnet.com/security/?p=2121Q: Will we see an updated kernel soon that addresses this issue?Is it a real bug or just on Gentoo?
RTFA: •Anders Kaseorg discovered that ndiswrapper did not correctly handle long ESSIDs. If ndiswrapper is in use, a physically near-by attacker could generate specially crafted wireless network traffic and crash the system, leading to a denial of service. If you're using ndiswrapper for a wireless card, you're boned.Just consider it as yet another cost of bending over to accomodate non-free binary blob device drivers, instead of giving your business to Linux-friendly hardware manufacturers which actively support the free software community.
This is not a kernel bug, this is a bug in ndiswrapper, so there won't be any kernel updates for Fedora. The fix will have to be in ndiswrapper, which is not part of Fedora proper.
pgpot9Pkxhh9t.pgp
Description: PGP signature
-- fedora-list mailing list [email protected] To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
