Date: Tue, 1 Dec 2009 03:42:33 -0800 From: Jeremy Chadwick <freebsd@jdc.parodius.com> To: freebsd-stable@freebsd.org Subject: Re: FreeBSD local r00t zeroday Message-ID: <20091201114233.GB26501@icarus.home.lan> In-Reply-To: <e27b2fdf0912010304g3718202di66d4eac2abae2045@mail.gmail.com> References: <e27b2fdf0912010304g3718202di66d4eac2abae2045@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Dec 01, 2009 at 06:04:05PM +0700, ~Lst wrote: > Hello all, > > What d'you think about this ? > http://seclists.org/fulldisclosure/2009/Nov/371 Are you actually asking for an opinions of a security hole, or are you just trying to bring it to our attention? An official statement was already issued to freebsd-security about 10 hours ago: http://lists.freebsd.org/pipermail/freebsd-security/2009-December/005369.html The mentioned patch is for src/libexec/rtld-elf/rtld.c (since full paths aren't present in the patch file). Mentioned patch has already been committed to the HEAD (CURRENT), RELENG_7, and RELENG_8 branches approximately 8.75 hours ago, with the note "Advisory coming soon": http://www.freebsd.org/cgi/cvsweb.cgi/src/libexec/rtld-elf/rtld.c -- | Jeremy Chadwick jdc@parodius.com | | Parodius Networking http://www.parodius.com/ | | UNIX Systems Administrator Mountain View, CA, USA | | Making life hard for others since 1977. PGP: 4BD6C0CB |
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20091201114233.GB26501>