On Thu, 4 Dec 2003, Ow Mun Heng wrote: > > > > -----Original Message----- > > From: Matthew Saltzman [mailto:mjs@xxxxxxxxxxxxxxx] > > Sent: Wednesday, December 03, 2003 11:04 PM > > To: shrike-list@xxxxxxxxxx > > Subject: Re: up2date demo mode? > > > > > > Note that a kernel errata for a pretty severe security issue was just > > announced in the last couple of days, so it may take a couple > > more days > > for things to settle down. > > Does anyone know exactly what this errata is? I read somewhere it's due to > the > call to sys_brk() in mm/mmap.c I did a search in 2.4.23/mm/mmap.c and didn't > find any refererences to that. So.. It's fixed? It's a back-port of the fix to do_brk() (not sys_brk()) to the 2.4.20 RH kernel. > > BTW, since up2date won't be 'up2date' come april 2004, I'm wondering how we, > end users are gonna know about 'servere' errattas and the where the fixes > are. Anyone here can comment? I know about apt/yum but isn't that more like > whatever the packager will provide? I currently am using freshrpms and > dag-wieers and nyquist rpms to update. Fedora-Legacy and Progeny have already been mentioned. The other possibility is to subscribe to CERT, BUGTRAQ, etc. and get package updates from the upstream providers. > > Thanks > OW > > > -- Matthew Saltzman Clemson University Math Sciences mjs AT clemson DOT edu http://www.math.clemson.edu/~mjs -- Shrike-list mailing list Shrike-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/shrike-list
