[linux-elitists] Running 2.6 kernels? Time to check patchlevels
Rick Moen
rick@linuxmafia.com
Mon Jul 17 11:36:33 PDT 2006
Jon Corbet, are you feeling like Cassandra, yet? I note, in last
Wednesday's LWN, the editorial "Denial of reality vulnerabilities"
(http://lwn.net/Articles/191080/), tsk-tsking a couple of security
advisories' mischaracterisations of CVE-2006-2451 in 2.6 kernels from
2.6.13 up until just before 2.6.16.24 and 2.6.17.4 as merely a "DoS
vulnerability", when the bug created an obvious path to local root
escalation.
...which was in fact exploited on gluck.debian.org (aka cvs, ddtp,
lintian, people, popcon, planet, ports, and release), the very same day:
http://www.debian.org/News/2006/20060713
Per http://lwn.net/Articles/191166/, the hole was noted June 19, and
cleared for public discussion on July 6.
--
Cheers,
Rick Moen
rick@linuxmafia.com

English is essentially Pictish that was attacked out of nowhere by
Angles cohabiting with Teutons who were done in by a drunk bunch of
Vikings masquerading as Frenchmen who insisted they spoke Latin and
Greek but lacked the Arabic in which to convey that. -- Bill Hammel
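
An added example, not part of the post above: a shell check of an upstream kernel version string against the range the post quotes for CVE-2006-2451 (2.6.13 up to but not including 2.6.16.24, and 2.6.17 up to but not including 2.6.17.4). The function names are hypothetical, and the check assumes upstream version numbering, so a distribution kernel carrying a backported fix is still reported as affected and needs the vendor advisory to confirm.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Classifies a kernel version
# string against the CVE-2006-2451 range quoted in the post.

# Convert "2.6.16.23-686" to one comparable integer (a.b.c.d, 3 digits each).
kver_num() {
    v=${1%%[-+_ ]*}                 # drop local suffixes such as -686 or -rc1
    [ -n "$v" ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $v                       # split on dots into $1..$4
    IFS=$old_ifs
    for part in "${1:-0}" "${2:-0}" "${3:-0}" "${4:-0}"; do
        case $part in
            ''|*[!0-9]*|0?*) return 1 ;;   # non-numeric or leading zero
        esac
    done
    echo $(( ${1:-0} * 1000000000 + ${2:-0} * 1000000 \
           + ${3:-0} * 1000 + ${4:-0} ))
}

# Prints "affected", "not-affected" or "unknown" for the given version.
cve_2006_2451_status() {
    n=$(kver_num "$1") || { echo unknown; return 0; }
    lo=$(kver_num 2.6.13)           # first affected release per the post
    fix16=$(kver_num 2.6.16.24)     # fixed release on the 2.6.16.y branch
    v17=$(kver_num 2.6.17)
    fix17=$(kver_num 2.6.17.4)      # fixed release on the 2.6.17.y branch
    if [ "$n" -ge "$lo" ] && [ "$n" -lt "$fix16" ]; then
        echo affected
    elif [ "$n" -ge "$v17" ] && [ "$n" -lt "$fix17" ]; then
        echo affected
    else
        echo not-affected
    fi
}

# Report on the running kernel.
echo "$(uname -r): $(cve_2006_2451_status "$(uname -r)")"
```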