The SuSE changelog contains the following information:

* Wed Dec 07 2005 - [EMAIL PROTECTED]
- fix local root exploit and possible buffer overflow
* Mon Oct 03 2005 - [EMAIL PROTECTED]
- fix consider nice (bug 117490)
- acpi problems with button ignore (bug 117248)
- fix opening of too many dbus connections (bug 106897)
- fix dbus policy in configuration file and so forbid remote users
  to use the powersave-dbus interface (bug 119628)

* Wed Dec 07 2005 - [EMAIL PROTECTED]
- fix local root exploit and possible buffer overflow

The second entry should probably read "Fix buffer overflow and
possible local root exploit".  There is just a patch for a buffer
overflow, and not one specifically for a local root exploit.

The first issue is described at:

  <https://bugzilla.novell.com/show_bug.cgi?id=119628&x=18&y=11&=Find>

This bug cannot be exploited by "remote users" in the usual
terminology, but by local users who do not have console access.
(From the bug description: "look for a machine where someone is
working on a desktop. Login remote.  Type 'powersave -U'.  Hear the
desktop user scream when his machine goes into suspend.  powersave
-U/-u should only work for X-user.")

_______________________________________________
Secure-testing-team mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team
