[Fwd: [grsec] grsecurity 2.1.2 released for 2.4.29/2.6.11
*CRITICAL UPDATE*]
Jakub Bogusz
qboosh at pld-linux.org
Sat, 5 Mar 2005, 18:54:13 CET
On Sat, Mar 05, 2005 at 06:37:05PM +0100, Marek Guevara Braun wrote:
> Attached is information about the security update for grsec - from what
> I looked at, the current 2.6 from the LINUX_2_6 tag does not have it yet.
>
> The second mail has a bit more information and a temporary workaround.
> grsecurity 2.1.2 has been released today for the 2.4.29 and 2.6.11
> kernels. This is a critical release, and all users of grsecurity are
> strongly urged to upgrade as soon as possible. Changes in this release
> include the removal of RANDEXEC from the configuration, a fix for the
> unsafe terminal false positive, the ability to use hostnames instead of
> IPs in the RBAC policy file, the removal of the randomized TCP ISN, RPC
> XID, and IP ID code, since they added no greater security than what
> Linux currently provides, more consistent log messages, and PaX updates.
> Of particular importance is a fix for an exploitable vulnerability in
> PaX that exists if the SEGMEXEC or RANDEXEC features are enabled. The
> vulnerability was found yesterday by the PaX team during an audit of
> their code. Though remote exploitation of the vulnerability is very
> unlikely, it can be abused locally to compromise the system.
SEGMEXEC and RANDEXEC are disabled in all kernel24 configurations.
2.6 has PaX disabled altogether, from what I can see.
--
Jakub Bogusz http://cyber.cs.net.pl/~qboosh/