Fix for vmsplice exploit...

amc acrossonlnx at comcast.net
Thu Feb 14 07:55:55 EST 2008


It's nice to see how fast the Gentoo developers patched the gentoo-sources.



From the gentoo.org home page:

Two major security flaws in the Linux kernel were reported last weekend. Both flaws have the same impact (root access for local users) and both exist within the vmsplice() system call, which was added to the kernel in 2.6.17. There is no configuration option to exclude vmsplice() so everyone is vulnerable. 

One of the security issues existed for the entire lifetime of vmsplice(), so any kernel version from 2.6.17 onwards is vulnerable. This was fixed in 2.6.24.2, 2.6.23.16 and 2.6.22.18. It has been assigned the vulnerability identifier of CVE-2008-0600. 

The other security issue first appeared in 2.6.23. It was fixed in 2.6.23.15 and 2.6.24.1. This vulnerability has been assigned CVE-2008-0009 and CVE-2008-0010. 

gentoo-sources-2.6.23-r8 and gentoo-sources-2.6.24-r2 were added to the tree Monday and include fixes for both issues. Install the latest gentoo-sources as quickly as possible. 

  ----- Original Message ----- 
  From: Bob King 
  To: GNHLUG 
  Sent: Wednesday, February 13, 2008 10:14 PM
  Subject: Fwd: Fix for vmsplice exploit...




  On Feb 13, 2008 1:04 PM, Ted Roche <tedroche at tedroche.com> wrote:

    I saw the patch come in over the Red Hat Network for a couple of Red Hat
    systems we have subscriptions for, too. Nice to see such quick response
    time!

  Fedora also. I also saw a fix for Mandriva announced as well. Nice to see the FOSS community respond so quickly to an issue like this. Nice to know we don't have to wait for "Patch Tuesday".







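An added example, not part of the original thread: a triage helper that maps an upstream kernel.org version string to the issues still open in it, using only the affected and fixed versions given in the quoted gentoo.org notice. The function names are hypothetical, and treating branches newer than 2.6.24 as fixed is an assumption the notice does not state.

```python
import re

# Fixed stable level per branch, from the quoted gentoo.org notice.
FIXED = {
    "CVE-2008-0600": {(2, 6, 22): 18, (2, 6, 23): 16, (2, 6, 24): 2},
    "CVE-2008-0009/CVE-2008-0010": {(2, 6, 23): 15, (2, 6, 24): 1},
}
# First affected branch per issue, also from the notice.
INTRODUCED = {
    "CVE-2008-0600": (2, 6, 17),
    "CVE-2008-0009/CVE-2008-0010": (2, 6, 23),
}
# Assumption (not on the page): branches after 2.6.24 carry both fixes.
LAST_LISTED_BRANCH = (2, 6, 24)


def parse_release(release):
    """Split a `uname -r` style string into (branch, stable_level)."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    a, b, c, d = m.groups()
    return (int(a), int(b), int(c)), int(d or 0)


def has_vendor_suffix(release):
    """True for distro builds such as '2.6.23-gentoo-r8', which may carry
    backported fixes that the upstream version number does not show."""
    return re.fullmatch(r"\d+\.\d+\.\d+(\.\d+)?", release) is None


def open_issues(release):
    """Return the issues still open, judged by upstream version alone."""
    branch, level = parse_release(release)
    issues = []
    for cve, first in INTRODUCED.items():
        if branch < first or branch > LAST_LISTED_BRANCH:
            continue
        fixed_at = FIXED[cve].get(branch)
        # No fixed release listed for this branch: treat as still affected.
        if fixed_at is None or level < fixed_at:
            issues.append(cve)
    return issues


if __name__ == "__main__":
    for rel in ("2.6.22.17", "2.6.23.15", "2.6.24.2", "2.6.23-gentoo-r8"):
        print(rel, open_issues(rel), "vendor build" if has_vendor_suffix(rel) else "")
```

When `has_vendor_suffix()` is true, confirm the fix from the distribution's package revision instead: the notice says gentoo-sources-2.6.23-r8 includes both fixes even though its upstream version is still 2.6.23.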