On Mon, 2004-01-12 at 12:29, Jason wrote: > On Mon, Jan 12, 2004 at 09:14:28AM -0800, Jesse Keating wrote: > Content-Description: signed data > > On Monday 12 January 2004 08:53, Jason wrote: > > > Seth posted a src.rpm to the list a week or so ago for cvs to fix a > > > more serious root exploit vuln. I was in the process of verifying it > > > to submit to the bugzilla, so I can check this out as well and patch > > > it in. > > > > You know what? I wonder if this is the same vuln.... I could be just > > cracked in the head. > > It's not .. one is a directory creation problem.. and one is a broken > switch_to_user routine, allowing switching to the root user. > killed the old patch, applied the one from the rh9 errata, now both bugs have been treated. posted at: http://linux.duke.edu/~skvidal/RPMS/cvs/ -sv
