[linux-elitists] Running 2.6 kernels? Time to check patchlevels

Rick Moen rick@linuxmafia.com
Mon Jul 17 11:36:33 PDT 2006


Jon Corbet, are you feeling like Cassandra, yet?  I note, in last
Wednesday's LWN, the editorial "Denial of reality vulnerabilities" 
(http://lwn.net/Articles/191080/), tsk-tsking a couple of security
advisories' mischaracterisations of CVE-2006-2451 in 2.6 kernels from
2.6.13 up until just before 2.6.16.24 and 2.6.17.4 as merely a "DoS
vulnerability", when the bug created an obvious path to local root
escalation.

...which was in fact exploited on gluck.debian.org (aka cvs, ddtp,
lintian, people, popcon, planet, ports, and release), the very same day:
http://www.debian.org/News/2006/20060713

Per http://lwn.net/Articles/191166/, the hole was noted June 19, and 
cleared for public discussion on July 6.

-- 
Cheers,      English is essentially Pictish that was attacked out of nowhere by
Rick Moen    Angles cohabiting with Teutons who were done in by a drunk bunch of
rick@linux   Vikings masquerading as Frenchmen who insisted they spoke Latin and
mafia.com    Greek but lacked the Arabic in which to convey that. -- Bill Hammel
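
An added example, not part of the original post: a shell function that classifies a kernel release string against the range the post gives for CVE-2006-2451 (2.6.13 up to, but not including, 2.6.16.24 and 2.6.17.4). The function name and output labels are hypothetical. It assumes an upstream-style version string; distribution kernels can carry a backported fix under an unchanged base version, so "affected" on a vendor kernel means the vendor advisory still has to be checked.

```shell
#!/bin/sh
# Added example, not from the original post. Classifies an upstream kernel
# release string against the range the post gives for CVE-2006-2451:
# 2.6.13 up to, but not including, 2.6.16.24 and 2.6.17.4.
# Prints: affected | not-affected | unknown

cve_2006_2451_status() {
    rel=$1
    # The post's range says nothing about -rc prereleases; do not guess.
    case $rel in
        *-rc*) echo unknown; return 0 ;;
    esac
    # Drop a distribution/local suffix such as "-1-686" (assumed format).
    base=${rel%%-*}
    # Accept only dotted decimal numbers.
    case $base in
        ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return 0 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $base          # split into major minor patch stable
    IFS=$old_ifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}; stable=${4:-0}

    # Only the 2.6 series is in the post's range.
    if [ "$major" -ne 2 ] || [ "$minor" -ne 6 ]; then
        echo not-affected; return 0
    fi
    if [ "$patch" -lt 13 ] || [ "$patch" -gt 17 ]; then
        echo not-affected
    elif [ "$patch" -eq 16 ] && [ "$stable" -ge 24 ]; then
        echo not-affected     # 2.6.16.24 and later
    elif [ "$patch" -eq 17 ] && [ "$stable" -ge 4 ]; then
        echo not-affected     # 2.6.17.4 and later
    else
        echo affected         # 2.6.13 through 2.6.16.23, 2.6.17 through 2.6.17.3
    fi
}

# Check the running kernel, or a release string given as the first argument.
cve_2006_2451_status "${1:-$(uname -r)}"
```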


