On Sun, Jul 16, 2006 at 11:51:20AM +0300, Avi Kivity wrote: > Dave Jones wrote: > > > >Additionally, this exploit only works with kernels compiled with support > >for a.out style executables, which Fedora isn't. I've got an update > >building for 2.6.17.6 anyway, just to stop the inevitable "why hasn't > >Fedora > >been patched" questions. > > > > Maybe you should send out a "not vulnerable" advisory instead. > Needlessly patching systems is more work for you, for admins, and for > users, and increases the risk of unwanted breakage. Whilst we believe we've analysed all possible attack vectors for this bug, there is always the possibility we've missed something, so it's better safe than sorry. Dave -- http://www.codemonkey.org.uk -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
