hkg@xxxxxxxxx wrote: > Anybody? > > Hans wrote: > >>Hi, >> >>When will an RPM for FC3 fixing OpenSSL ASN.1 Remote Buffer Overflow (CVE-2006-3738) be available? >>Also, was the local kernel vulnerability CVE-2006-3745 ever fixed for FC3 with SMP support? >>I didn't see any announcements on http://www.fedoralegacy.org/updates/FC3/. >> >>thanks, >>Hans > > > thanks in advance, > Hans Hi Hans, Work is being done. * I am working with OpenSSL ASN.1 Remote Buffer Overflow (CVE-2006-3738): See Bugzilla #209116, <https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=209116>. * There is a FC3 kernel bug open. Marc Deslauriers, who has already put in quite a bit of work on the FC3 kernel and submitted it for PUBLISH QA (which no one ever did), says new kernel issues have appeared since his submission of August 2nd. It needs work. See Bugzilla #200034: <https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=200034>. I don't see CVE-2006-3745 among the vulnerabilities listed that have so far been worked into an updated FC3 kernel package. Maybe it's among the new issues that yet need to be addressed? Hans, maybe you can add the patch for it (or at least indicate where the patch can be found in the bugzilla ticket 200034) as a contribution to the Legacy project? It would be nice if you do so. Thanks! Hope this helps. -David -- fedora-legacy-list mailing list fedora-legacy-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-legacy-list
