[K12OSN] Linux kernel DoS exploit -- don't need root!
eharrison at mail.mesd.k12.or.us
Mon Jun 14 20:23:15 UTC 2004
On Mon, 2004-06-14 at 12:48, Calvin Park wrote:
> Yeah, I'm none too pleased. Oh well, I suppose I'm off to recompile the
> Eric, will the next version of K12 come "out of the box" with the patch?
> I know you might not have an answer for that right this second, or
> perhaps you've already answered it somewhere and I missed it. Thanks in
A patched kernel for FC2 was uploaded about 45mins ago. I don't have a
local copy yet. Presumably a FC1 version will be available shortly.
Apt/up2date/yum will pick up the patched kernel as soon as it is
As for the next builds of K12LTSP, yes I generally do include all of
the security patches. Kernels can be tricky, however, so I won't 100%
guarantee that this will be included. If you already have K12LTSP
installed, you'll pick up the patched kernel via apt/up2date/yum and
thus don't have to worry too much about what patches are, or are not,
included in the next release of K12LTSP...
> On Mon, 2004-06-14 at 14:57, Terrell Prude' wrote:
> > Hello folks,
> > I don't have read-access to my K12OSN folder, as I am at work, so if
> > this has already been announced, my apologies.
> > There is a newly-discovered bug in the Linux kernel versions 2.4 and 2.6
> > (nearly every version on nearly every distro) that will lock a GNU/Linux
> > box. All you need is shell access; *you do not need root*. That means
> > that any rambunctious kid could lock your K12LTSP server(s)!
> > Yes, there is a patch. I don't know if there's a Fedora-, WBEL-, or
> > RHEL-specific update at this time.
> > Here's the link:
> > http://linuxreviews.org/news/2004-06-11_kernel_crash/index.html
> > --TP
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 189 bytes
Desc: This is a digitally signed message part
More information about the K12OSN