[grsec] grsecurity 2.1.2 released for 2.4.29/2.6.11 *CRITICAL
UPDATE*
Brad Spengler
spender at grsecurity.net
Fri Mar 4 19:55:23 EST 2005
grsecurity 2.1.2 has been released today for the 2.4.29 and 2.6.11
kernels. This is a critical release, and all users of grsecurity are
strongly urged to upgrade as soon as possible. Changes in this release
include the removal of RANDEXEC from the configuration, a fix for the
unsafe terminal false positive, the ability to use hostnames instead of
IPs in the RBAC policy file, the removal of the randomized TCP ISN, RPC
XID, and IP ID code, since they added no greater security that what
Linux currently provides, more consistent log messages, and PaX updates.
Of particular importance is a fix for an exploitable vulnerability in
PaX that exists if the SEGMEXEC or RANDEXEC features are enabled. The
vulnerability was found yesterday by the PaX team during an audit of
their code. Though remote exploitation of the vulnerability is very
unlikely, it can be abused locally to compromise the system.
-Brad
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://grsecurity.net/pipermail/grsecurity/attachments/20050304/3dbf5df4/attachment.pgp
More information about the grsecurity
mailing list