100143 2003-05-01  22:25  /21 rader/ Christoph Hellwig <hch@infradead.org>
Importerad: 2003-05-01  22:25  av Brevbäraren
Extern mottagare: bugtraq@securityfocus.com
Mottagare: Bugtraq (import) <4729>
Ärende: Red Hat IA64 products still missing fixes for the ptrace vs kmod vulnerability
------------------------------------------------------------
It seems redhat still hasn't manged to make any of their IA64 products
immune against CAN-2003-0127.

For RH AS2.1 (and it's crippled corporate newspeak variations) a
kernel errata was released only for x86 but noa IA64, as in

	https://rhn.redhat.com/errata/RHSA-2003-103.html

for RH 7.x on IA64 there was an kernel updated released, 2.4.9-41 whos
only change over the previous version is the addition of a patch,
linux-2.4.9-ptrace-harden.patch that seems to fix this exploit, but
if you look at the specfile this patch isn't actually applied as part
of the build process ( note the comment in the %patch line!):

# harden ptrace
# %patch2480 -p1

I have informed Red Hat about this shortly after the package was
released and was told this has been forwarded to the responsible
maintainer, but nothing has happened yet..
(100143) /Christoph Hellwig <hch@infradead.org>/(Ombruten)