Re: Potential security leak in Linux kernel + fix



On Tue, 10 Nov 2009 14:46:30 -0500, "David W. Hodgins" <dwhodgins@xxxxxxxxxxxxxxxxx> wrote:

On Tue, 10 Nov 2009 06:06:32 -0500, Grant <g_r_a_n_t_@xxxxxxxxxxxxxxxxx> wrote:

On Tue, 10 Nov 2009 08:14:27 +0100, Aragorn <aragorn@xxxxxxxxxxxxxxxxxxx> wrote:

With thanks to Bit Twister, who brought this to our attention in
alt.os.linux.mandriva. Details in the article at the URL below.

http://www.itworld.com/security/83917/an-important-linux-fix

Was fixed long time ago, old news...

You're thinking of another bug, as I was, when I first read this.
See http://www.us-cert.gov/cas/bulletins/SB09-313.html
released 2009-11-04, it affects all kernels prior to 2.6.32-rc6.

Maybe so, skimming thru several hundred lkml posts/day (usually
only viewing subject line) means I only have the vaguest idea of
what's going on in there ;)

I do update to -stable version as they come out.

Most distributions are not affected, as they set
/proc/sys/vm/mmap_min_addr to a value other then zero, but
currently up-to-date redhat and suse systems are affected.

Well, my old slackware-11 is not affected.

Grant.
--
http://bugsplatter.id.au
.



Relevant Pages

  • Re: Difference between Debian and other flavours of Linux
    ... These distributions do, by their very nature, lag ... If I could add my 2 small currency units worth to this, I think Fedora is great, but in my so far very limited experience of submitting reports to bugzilla, fixes are much slower than I was expecting. ... It has been looked at by Jindrich Novy, who has decided to reassign the bug to a kernel issue. ...
    (Fedora)
  • Re: "pbclean" Error. Anyone else seeing this?
    ... They said there were no free issues with Platform Builder ... distributions. ... Mark ... > Clearly it's a bug so you wouldn't end up paying for the issue. ...
    (microsoft.public.windowsce.platbuilder)
  • Re: BUG: Setting Server Controls InnerHtml forces Constructore to be called.
    ... I'm viewing the issue and found that this is the same one with another ... BUG: Setting Server Control's InnerHtml forces Constructore to be called. ...
    (microsoft.public.dotnet.framework.aspnet)
  • Windows x Linux
    ... I don't want to make a mistake (like count the same bug in several ... distributions) so, I decided to make the Linux analysis against only on ... linux distribution, RedHat Linux. ... RHSA-2002:035-18 (RedHat Security Advisor) ...
    (Security-Basics)
  • The color purple returns to Hooterville
    ... Random insect action supplied by Bug World Inc. ... Please dispose of properly after viewing. ...
    (alt.photography)