SLES 8 kernel 2.4.21-94 seems to include the mremap problem:

|This update fixes a security vulnerability in the Linux
|kernel (CAN-2003-0985) and contains additional fixes and IBM
|codedrops. The changes in detail are:
|
|  Security fix
|
|    * Add missing check in mremap (CAN-2003-0985)

Don't know about the other one.

Marcy Cortes
Wells Fargo Services Company

-----Original Message-----
From: Linux on 390 Port [mailto:[EMAIL PROTECTED] On Behalf Of Eric Sammons
Sent: Wednesday, January 14, 2004 14:58
To: [EMAIL PROTECTED]
Subject: Re: [LINUX-390] Kernel 2.4.24 available for SLES8?

Here is the more exact finding our security group is concerned with:

There are 2 recently discovered Linux Kernel vulnerabilities that could
result in an attacker gaining elevated privileges on a Linux server. One
involves exploiting the kernel function do_mremap()--insufficient bounds
checking in the mremap system call; the other involves an exploit that
allows an attacker to cause data stored in the kernel memory space to leak
into user space via weaknesses in the real time clock (rtc) routines. In
both cases the vulnerability can be removed by upgrading the Linux kernel
to version 2.2.24.

Thanks!
Eric Sammons
