No subject


Sat Oct 14 20:46:50 EDT 2006


    What all the hoopla is about is that Debian somehow
    let this patch that's been available for a month or
    two slip and got bitten by it," said Wreski.

    As of Monday, patches that corrected the kernel bug
    had been issued for a number of Linux distributions, 
    including Red Hat, Debian, and Mandrake Linux.

    [...]

    The bug does not only affect Debian users, however.
    Any Linux user running a version of the kernel prior
    to 2.4.23 should contact their distribution provider
    to see whether a patch for the exploit has been made
    available, Torvalds said.

[I.e., it's a kernel problem.  "Debian" in this case is
the Debian developers' machines; Debian is a user just
like the rest of us. Note that Red Hat and Mandrake were
right on the problem, and have issued patches...by Monday
...also after a month or two, just like Debian.  That is, 
after someone had gotten bitten.]

    The bug does not only affect Debian users, however.
    Any Linux user running a version of the kernel prior
    to 2.4.23 should contact their distribution provider
    to see whether a patch for the exploit has been made
    available, Torvalds said.

The problem seems to be due to a bug in the brk() call.


More information about the gnhlug-discuss mailing list