tech-security: NIST NVD CVE-2006-5218 systrace

Subject: NIST NVD CVE-2006-5218 systrace_preprepl (WAS: Fwd: [netops]
To: None <tech-security@netbsd.org, Currnet-users@netbsd.org>
From: Brian A. Seklecki <bseklecki@collaborativefusion.com>
List: tech-security
Date: 10/16/2006 17:15:10
--=-ll6MxbzU/PtF83aHe4cV
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

I don't know if anyone has seen this or not:

	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5218

I know we killed systrace in -current.  Obviously I don't want to wait
for the official security announcement. Can I request a an MFS/RFP of
this patch into -rnetbsd-3 ?

$ sudo cvs log -rnetbsd-3 kern_systrace.c     

RCS file: /cvsroot/src/sys/kern/kern_systrace.c,v
Working file: kern_systrace.c
head: 1.60
revision 1.44.2.3
date: 2005/12/29 20:25:25;  author: riz;  state: Exp;  lines: +3 -3

Actually I suppose 1.44 -> 1.6 is pretty serious.  I will try to see if
a -rnetbsd-3 kernel compiles first with the HEAD sticky bit.

-- 
Brian A. Seklecki <bseklecki@collaborativefusion.com>
Collaborative Fusion, Inc.

--=-ll6MxbzU/PtF83aHe4cV
Content-Disposition: inline
Content-Description: Forwarded message - [netops] vulnerabilities
Content-Type: message/rfc822

	<netops-bounce-642-bseklecki=mail.pub.collaborativefusion.com@mail.pub.collaborativefusion.com>
	with local; Mon, 16 Oct 2006 16:15:32 -0400 id 0005644F.4533E864.0000896A
List-Subscribe: <mailto:netops-subscribe@collaborativefusion.com>
List-Unsubscribe: <mailto:netops-unsubscribe@collaborativefusion.com>
List-Post: <mailto:netops@collaborativefusion.com>
List-Owner: <mailto:netops-owner@collaborativefusion.com>
List-Help: <mailto:netops-help@collaborativefusion.com>
	(pr40.pitbpa0.pub.collaborativefusion.com [206.210.89.202]) (SSL:
	TLSv1/SSLv3,256bits,AES256-SHA) by wingspan with esmtp; Mon, 16 Oct 2006
	16:15:31 -0400 id 00056441.4533E863.00008961
Message-Id: <7.0.1.0.2.20061016161526.05738998@collaborativefusion.com>
Date: Mon, 16 Oct 2006 16:16:18 -0400
To: netops@collaborativefusion.com
From: Bryan Kaplan <bkaplan@collaborativefusion.com>
Subject: [netops] vulnerabilities
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

PHP
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5178
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4812

OpenBSD/NetBSD
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5218

Python
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4980



Bryan Kaplan
Collaborative Fusion, Inc.
bkaplan@collaborativefusion.com


****************************************************************
IMPORTANT: This message contains confidential information
and is intended only for the individual named. If the reader of
this message is not an intended recipient (or the individual
responsible for the delivery of this message to an intended
recipient), please be advised that any re-use, dissemination,
distribution or copying of this message is prohibited. Please
notify the sender immediately by e-mail if you have received
this e-mail by mistake and delete this e-mail from your system.
E-mail transmission cannot be guaranteed to be secure or
error-free as information could be intercepted, corrupted, lost,
destroyed, arrive late or incomplete, or contain viruses. The
sender therefore does not accept liability for any errors or
omissions in the contents of this message, which arise as a
result of e-mail transmission.
****************************************************************


--=-ll6MxbzU/PtF83aHe4cV--