[Fwd: [grsec] grsecurity 2.1.2 released for 2.4.29/2.6.11 *CRITICAL UPDATE*]

Jakub Bogusz qboosh at pld-linux.org
Sat, 5 Mar 2005, 18:54:13 CET


On Sat, Mar 05, 2005 at 06:37:05PM +0100, Marek Guevara Braun wrote:
> Attached is information about a security update for grsec - from what
> I have seen, the current 2.6 from the LINUX_2_6 tag does not have it yet.
> 
> The second mail has a bit more information and a temporary workaround.

> grsecurity 2.1.2 has been released today for the 2.4.29 and 2.6.11 
> kernels. This is a critical release, and all users of grsecurity are 
> strongly urged to upgrade as soon as possible. Changes in this release 
> include the removal of RANDEXEC from the configuration, a fix for the 
> unsafe terminal false positive, the ability to use hostnames instead of 
> IPs in the RBAC policy file, the removal of the randomized TCP ISN, RPC 
> XID, and IP ID code, since they added no greater security than what 
> Linux currently provides, more consistent log messages, and PaX updates. 
> Of particular importance is a fix for an exploitable vulnerability in 
> PaX that exists if the SEGMEXEC or RANDEXEC features are enabled. The 
> vulnerability was found yesterday by the PaX team during an audit of 
> their code. Though remote exploitation of the vulnerability is very 
> unlikely, it can be abused locally to compromise the system.

SEGMEXEC and RANDEXEC are disabled in all kernel24 configurations.
2.6 has PaX disabled altogether, from what I can see.


-- 
Jakub Bogusz    http://cyber.cs.net.pl/~qboosh/



