[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [K12OSN] Linux kernel DoS exploit -- don't need root!

On Mon, 2004-06-14 at 12:48, Calvin Park wrote:
> Yeah, I'm none too pleased. Oh well, I suppose I'm off to recompile the
> kernel. 
> Eric, will the next version of K12 come "out of the box" with the patch?
> I know you might not have an answer for that right this second, or
> perhaps you've already answered it somewhere and I missed it. Thanks in
> advance.
> -Calvin

A patched kernel for FC2 was uploaded about 45mins ago. I don't have a
local copy yet. Presumably a FC1 version will be available shortly.

Apt/up2date/yum will pick up the patched kernel as soon as it is

As for the next builds of K12LTSP, yes I generally do include all of
the security patches. Kernels can be tricky, however, so I won't 100%
guarantee that this will be included. If you already have K12LTSP 
installed, you'll pick up the patched kernel via apt/up2date/yum and
thus don't have to worry too much about what patches are, or are not,
included in the next release of K12LTSP...


> On Mon, 2004-06-14 at 14:57, Terrell Prude' wrote:
> > Hello folks,
> > 
> > I don't have read-access to my K12OSN folder, as I am at work, so if 
> > this has already been announced, my apologies.
> > 
> > There is a newly-discovered bug in the Linux kernel versions 2.4 and 2.6 
> > (nearly every version on nearly every distro) that will lock a GNU/Linux 
> > box.  All you need is shell access; *you do not need root*.  That means 
> > that any rambunctious kid could lock your K12LTSP server(s)!
> > 
> > Yes, there is a patch.  I don't know if there's a Fedora-, WBEL-, or 
> > RHEL-specific update at this time.
> > 
> > Here's the link:
> > 
> > http://linuxreviews.org/news/2004-06-11_kernel_crash/index.html
> > 
> > --TP
> > 

Attachment: signature.asc
Description: This is a digitally signed message part

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]