Exec Shield for Linux 2.6.x.y?
by Németh Tamás
Dear Fedora developers or Experts!
Can you tell me if there is an Exec Shield kernel patch for the most recent 2.6
series vanilla kernels that is able to do full ASLR functionality, including
the relocation of PIE binaries?
When I look at Ingo Molnar's Exec Shield patch web page
(http://people.redhat.com/mingo/exec-shield/), I got the impression that a
fully featured Exec Shield patch set exists only for the 2.4 series of the
Linux kernels. Am I correct?
Thank you for the information!
Best regards:
Nemeth, Tamas
IT administrator
University of West-Hungary, Sopron, Hungary
16 years, 11 months
Security features of recent Fedora versions?
by Németh Tamás
Dear Fedora developers or Experts!
These days I am mostly engaged in the task of choosing a free and secure
Linux distribution for our university. I've read some documents from this field
but I am in doubt in a few areas:
When I look at Ingo Molnar's Exec Shield patch web page
(http://people.redhat.com/mingo/exec-shield/), I got the impression that a
fully featured Exec Shield patch set exists only for the 2.4 series of the
Linux kernels, and on the 2.6 series it only provides NX. Am I correct? Is
there a (maybe experimental) Exec Shield patch for 2.6 kernels which provides
full ASLR functionality, including the relocation of PIE binaries? If not,
then I wonder why it is so difficult to do for the 2.6 series. (For
example PaX is still considered experimental on 2.6!)
Are the Fedora packages linked with BIND_NOW option to make the -z relro
linking option even more effective?
Thank you for the information!
Best regards:
Nemeth, Tamas
IT administrator
University of West-Hungary, Sopron, Hungary
16 years, 11 months
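Added example, not part of the original post or of any Fedora tooling: one way to check a given binary for the properties asked about above (PIE, `-z relro`, BIND_NOW) is to read its ELF program headers and dynamic section. The function names and the constructed sample image are assumptions of this example, and it handles little-endian ELF64 files only.

```python
import struct

PT_DYNAMIC, PT_INTERP, PT_NOTE, PT_GNU_RELRO = 2, 3, 4, 0x6474E552
DT_NULL, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 24, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW, ET_DYN = 0x8, 0x1, 3

def elf_hardening(data):
    """Report PIE / RELRO / BIND_NOW for a little-endian ELF64 image (bytes)."""
    if data[:6] != b"\x7fELF\x02\x01":
        raise ValueError("not a little-endian ELF64 file")
    e_type, = struct.unpack_from("<H", data, 16)
    e_phoff, = struct.unpack_from("<Q", data, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
    relro = interp = bind_now = False
    for i in range(e_phnum):
        p_type, _, p_offset, _, _, p_filesz = struct.unpack_from(
            "<IIQQQQ", data, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_RELRO:      # emitted by the linker for -z relro
            relro = True
        elif p_type == PT_INTERP:       # dynamically linked executable
            interp = True
        elif p_type == PT_DYNAMIC:      # walk the 16-byte (tag, value) entries
            for off in range(p_offset, p_offset + p_filesz, 16):
                tag, val = struct.unpack_from("<qQ", data, off)
                if tag == DT_NULL:
                    break
                if (tag == DT_BIND_NOW or (tag == DT_FLAGS and val & DF_BIND_NOW)
                        or (tag == DT_FLAGS_1 and val & DF_1_NOW)):
                    bind_now = True
    # With BIND_NOW all relocations are resolved at load time, so the RELRO
    # region can cover the whole GOT ("full"); without it only part of it.
    level = "full" if relro and bind_now else "partial" if relro else "none"
    # ET_DYN plus an interpreter: a PIE executable (static PIE is not detected).
    return {"pie": e_type == ET_DYN and interp, "relro": level, "bind_now": bind_now}

def build_sample(e_type=ET_DYN, bind_now=True, relro=True):
    """Constructed minimal ELF64 image: header, 3 program headers, dynamic table."""
    dyn = (struct.pack("<qQ", DT_FLAGS, DF_BIND_NOW) if bind_now else b"") \
        + struct.pack("<qQ", DT_NULL, 0)
    dyn_off = 64 + 3 * 56
    phdr = lambda t, off=0, size=0: struct.pack("<IIQQQQQQ", t, 4, off, off, off, size, size, 8)
    phdrs = phdr(PT_INTERP) + phdr(PT_DYNAMIC, dyn_off, len(dyn)) \
        + phdr(PT_GNU_RELRO if relro else PT_NOTE)
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01", e_type, 62, 1,
                       0, 64, 0, 0, 64, 56, 3, 0, 0, 0)
    return ehdr + phdrs + dyn

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:           # e.g. python3 check.py /usr/sbin/sshd
        with open(path, "rb") as f:
            print(path, elf_hardening(f.read()))
    print("constructed sample:", elf_hardening(build_sample()))
```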
[Bug 239213] New: CVE-2007-2500: gnash arbitrary code execution
by Red Hat Bugzilla
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=239213
Summary: CVE-2007-2500: gnash arbitrary code execution
Product: Fedora Extras
Version: fc6
Platform: All
OS/Version: Linux
Status: NEW
Severity: medium
Priority: medium
Component: gnash
AssignedTo: pertusus(a)free.fr
ReportedBy: ville.skytta(a)iki.fi
QAContact: extras-qa(a)fedoraproject.org
CC: fedora-security-list(a)redhat.com
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2500
"server/parser/sprite_definition.cpp in GNU Gnash (aka GNU Flash Player) 0.7.2
allows remote attackers to execute arbitrary code via a large number of
SHOWFRAME elements within a DEFINESPRITE element, which triggers memory
corruption and enables the attacker to call free with an arbitrary address,
probably resultant from a buffer overflow."
16 years, 11 months