Patches needed for public privesc exploits
Mark J Cox
mjc at redhat.com
Sun Feb 10 14:35:34 UTC 2008
There are three issues in vmsplice; two were published on Friday and had
an upstream fix, CVE-2008-0009 and CVE-2008-0010:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8811930dc74a503415b35c4a79d14fb0b408a361
The last one was a varient of one that was fixed which was public on
Saturday when a exploit was published. CVE-2008-0600. No upstream
patch yet, some discussion here:
http://marc.info/?t=120263655300003&r=1&w=2
All the issues will affect f7,f8,f9 kernels.
Thanks, Mark
--
Mark J Cox / Red Hat Security Response Team
More information about the Fedora-kernel-list
mailing list