Re: Potential security leak in Linux kernel + fix



On Tue, 10 Nov 2009 14:46:30 -0500, "David W. Hodgins" <dwhodgins@xxxxxxxxxxxxxxxxx> wrote:

> On Tue, 10 Nov 2009 06:06:32 -0500, Grant <g_r_a_n_t_@xxxxxxxxxxxxxxxxx> wrote:
>
>> On Tue, 10 Nov 2009 08:14:27 +0100, Aragorn <aragorn@xxxxxxxxxxxxxxxxxxx> wrote:
>>
>>> With thanks to Bit Twister, who brought this to our attention in
>>> alt.os.linux.mandriva. Details in the article at the URL below.
>>>
>>> http://www.itworld.com/security/83917/an-important-linux-fix
>>
>> Was fixed long time ago, old news...
>
> You're thinking of another bug, as I was, when I first read this.
> See http://www.us-cert.gov/cas/bulletins/SB09-313.html
> released 2009-11-04, it affects all kernels prior to 2.6.32-rc6.

Maybe so, skimming thru several hundred lkml posts/day (usually
only viewing subject line) means I only have the vaguest idea of
what's going on in there ;)

I do update to -stable version as they come out.

> Most distributions are not affected, as they set
> /proc/sys/vm/mmap_min_addr to a value other than zero, but
> currently up-to-date redhat and suse systems are affected.

Well, my old slackware-11 is not affected.

Grant.
--
http://bugsplatter.id.au
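
A way to check the setting mentioned in the thread, as an added example that is not part of the original posts: it reads /proc/sys/vm/mmap_min_addr and looks for configuration files that would persist a value of zero. The function names are hypothetical, and /etc/sysctl.conf and /etc/sysctl.d are assumed to be where the host keeps its sysctl settings.

```shell
#!/bin/sh
# Added example: audit vm.mmap_min_addr on a Linux host.

# Print the value held in a proc-style file (default: the live kernel).
mmap_min_addr_value() {
    file="${1:-/proc/sys/vm/mmap_min_addr}"
    [ -r "$file" ] || return 2
    tr -d '[:space:]' < "$file"
}

# Exit 0 if the value is non-zero, 1 if it is zero, 2 if unreadable or not a number.
mmap_min_addr_ok() {
    val="$(mmap_min_addr_value "$1")" || return 2
    case "$val" in
        ''|*[!0-9]*) return 2 ;;
    esac
    [ "$val" -ne 0 ]
}

# Print every file under the given paths that would persist a zero value.
zero_overrides() {
    for path in "$@"; do
        [ -e "$path" ] || continue
        find "$path" -type f -exec grep -lE \
            '^[[:space:]]*vm[./]mmap_min_addr[[:space:]]*=[[:space:]]*0+[[:space:]]*$' {} + || true
    done
}

# Report on the running system; the config paths are assumed, not taken from the thread.
audit() {
    if mmap_min_addr_ok; then
        echo "OK: vm.mmap_min_addr = $(mmap_min_addr_value)"
    else
        case $? in
            1) echo "WARN: vm.mmap_min_addr is 0" ;;
            *) echo "UNKNOWN: cannot read vm.mmap_min_addr" ;;
        esac
    fi
    zero_overrides /etc/sysctl.conf /etc/sysctl.d | sed 's/^/zero value persisted in: /'
}

audit
```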