On Sat, Jan 08, 2005 at 12:16:00AM +0100, Szabó Ákos wrote:
> Brad Spengler sent a mail to the grsecurity list, and he wrote:
>
> 3) 2.4/2.6 random poolsize sysctl handler integer overflow
> 4) 2.6 scsi ioctl integer overflow and information leak
> 5) 2.2/2.4/2.6 moxa serial driver bss overflow
> 6) 2.4/2.6 RLIMIT_MEMLOCK bypass and (2.6) unprivileged user DoS
> 7) Attachments, including patches for all vulns, a POC for #3, and a
> working exploit for #6
>
> He talks about 2.4.28, and 2.6.10. If you want, I can forward the whole
> message.
>
> The -ac6 patch fixed those problems?

-ac7 (as of about 5 mins ago)

The real 3. Given Moxa doesn't even compile in 2.6 that didn't make sense. Also moxa had a more serious hole he missed.

It seems to be security day. -ac8 will fix another hole or two (less serious) probably tomorrow.