lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: marcin at owsiany.pl (Marcin Owsiany)
Subject: Gentoo versioning [was: [ GLSA 200403-02 ] Linux kernel do_mremap local privilege escalation vulnerability]

On Sat, Mar 06, 2004 at 11:40:27PM +0000, Tim Yamin wrote:
> ~   -------------------------------------------------------------------
> ~          Kernel      /   Unaffected Version   /    Manual Update?
> ~   -------------------------------------------------------------------
> 
> ~   aa-sources................2.4.23-r1...................YES..........
> ~   alpha-sources.............2.4.21-r4................................
> ~   ck-sources................2.4.24-r1...................YES..........
> ~   ck-sources................2.6.2-r1....................YES..........
[...]
> ~   IMPORTANT: IF YOUR KERNEL IS MARKED AS "YES" ABOVE, THEN YOU SHOULD
> ~              UPDATE YOUR KERNEL EVEN IF PORTAGE REPORTS THAT THE SAME
> ~              VERSION IS INSTALLED.

I don't know Gentoo, but could someone describe the reason for this
note? It seems something is very broken. Does that mean that version
string does not uniquely identify a version of package?

regards,

Marcin
-- 
Marcin Owsiany <marcin@...iany.pl>              http://marcin.owsiany.pl/
GnuPG: 1024D/60F41216  FE67 DA2D 0ACA FC5E 3F75  D6F6 3A0D 8AA0 60F4 1216
 
"Every program in development at MIT expands until it can read mail."
                                                              -- Unknown


Powered by blists - more mailing lists