2004-04-15 11:33

by Vasil Kolev

Day for update, 2.4.26 is out, and it has some security updates. I saw what the security problems were, and almost died laughing:
* CAN-2004-0003

The R128 DRI bounds checking bug is a potential local root exploit.
According to this patch [iu.edu] 2.4.26 contains the fix.

* CAN-2004-0109

The isofs bug. It is locally exploitable iff you have hardware access or if you can induce someone to mount a compromised medium.

* CAN-2004-0177

The ext3 information leak. It cannot lead to any exploit and has only the tiniest chances of giving an attacker any usable information.

* CAN-2004-0178

The SoundBlaster Denial of Service.

Okay, I’ll upgrade, I don’t have a lot more to do today, and it doesn’t take time (it’s already compiled, I’ll call the people who have more important services, and will reboot).

I’ll be ashamed all day. In a document me and chervarium have written, that 40+18=48. I’ll borrow his first grade math textbook, that we gave hi as a birthday present a few years ago, and will reread it…

Shame.ludost.net is getting up to speed and visits, judging by the stats, and has a good number of comments. I probably should find a way to get it to the people that are described there, to know, that they aren’t getting away with being idiots any more :)

And finally for today – a friend has the desire to print some T-shirts with Adminspotting, and here you can see the face and the back. Whomever is interested tan contact him at ICQ 116490768 or email valhalla_bg(at)yahoo(dot)com. Orders are accepted until Monday, and if they’re enough, it will be done on sieveprint (sp?), if not – with a (decent) sticker.
(don’t send me any questions about this :) )

Leave a Reply