[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [K12OSN] Major Kernel Vulnerability in FC6

k12ltsp wrote:

It's being reported over the news and online that a major kernel
vulnerability exists in many versions of linux, including FC6, that allows
any user to gain root access from their command line.

We have already had a student learn of this exploit and take down our
network. Unfortunately Redhat stopped updating FC6 as of december 7 and have no plans to update it anymore. Fixes for the vulnerability are now
available for FC7 and FC8.

Does anyone know what the status is with K12LTSP moving to FC7 or higher?

LTSP is on track to be incorporated into Fedora 9: http://fedoraproject.org/wiki/Features/K12Linux I'm not sure if a K12LTSP release based on Fedora 7 or 8 will ever see the light.

Does anyone know of an RPM Kernel upgrade that is available for FC6 that
we can install to correct the issue?

If there is a patch someone should be able to build a patched FC6 kernel I guess. We have a K12LTSP 5EL server, so we have a supported setup.

This exposes a major vulnerability that any student can take advantage of
and gain root access.

A guy called Morten Hustveit created a modified version of the exploit that patches the vulnerability: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464953#14 Could be a nice temporary fix.

Nils Breunese.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]