| From | Sent On | Attachments |
|---|---|---|
| FreeBSD Security Advisories | Jul 10, 2001 7:01 am | |
| Mike Tancsa | Jul 10, 2001 7:04 am | |
| Mike Tancsa | Jul 10, 2001 9:24 am | |
| Jason DiCioccio | Jul 10, 2001 9:27 am | |
| Jason DiCioccio | Jul 10, 2001 9:39 am | |
| Alex Popa | Jul 10, 2001 1:46 pm | |
| Przemyslaw Frasunek | Jul 10, 2001 2:09 pm | |
| Alex Popa | Jul 10, 2001 2:09 pm | |
| Christopher Schulte | Jul 10, 2001 2:15 pm | |
| bow | Jul 10, 2001 3:14 pm | |
| Joe Oliveiro | Jul 10, 2001 3:18 pm | |
| Domas Mituzas | Jul 10, 2001 3:44 pm | |
| Dima Dorfman | Jul 10, 2001 6:59 pm | |
| Jacques A. Vidrine | Jul 11, 2001 8:45 am | |
| Kris Kennaway | Jul 11, 2001 11:44 am | |
| Kris Kennaway | Jul 11, 2001 12:05 pm | |
| Kris Kennaway | Jul 11, 2001 12:18 pm | |
| Kris Kennaway | Jul 11, 2001 12:21 pm | |
| Jacques A. Vidrine | Jul 11, 2001 12:29 pm | |
| Kris Kennaway | Jul 11, 2001 12:32 pm | |
| Dima Dorfman | Jul 11, 2001 3:48 pm | |
| Kris Kennaway | Jul 11, 2001 3:58 pm | |

| Subject: | Re: FreeBSD Security Advisory FreeBSD-SA-01: | |
|---|---|---|
| From: | Kris Kennaway (kr...@obsecurity.org) | |
| Date: | Jul 11, 2001 12:32:13 pm | |
| List: | org.freebsd.freebsd-security | |

On Wed, Jul 11, 2001 at 02:29:26PM -0500, Jacques A. Vidrine wrote:
> On Wed, Jul 11, 2001 at 11:44:59AM -0700, Kris Kennaway wrote:
> > On Wed, Jul 11, 2001 at 10:46:09AM -0500, Jacques A. Vidrine wrote:
> > > On Tue, Jul 10, 2001 at 06:59:57PM -0700, Dima Dorfman wrote:
> > > > Jason DiCioccio <jdic...@epylon.com> writes:
> > > > > So then I'm guessing this has been 3.5-STABLE is not vulnerable? Just want to be sure :-)
> > > >
> > > > What makes you say that? The necessary fix isn't present in RELENG_3, and I doubt that there's something else which hides the issue.
> > >
> > > I haven't double-checked, but it looks like this bug was enabled by revision 1.54 of src/sys/kern/kern_fork.c (allowing shared signal handlers with rfork). That would include 3.1-RELEASE and all following releases.
> >
> > As was announced several months ago, we are no longer requiring security fixes for locally exploitable vulnerabilities under RELENG_3, only network-exploitable vulnerabilities.
>
> Yes, I'm aware. I was just trying to help answer Jason's (and others') question about what versions are vulnerable.

Thanks. It seems some people missed the initial announcement about RELENG_3 which is why I've been repeating it a bit :-(

Kris





