On Tue, 14 Nov 2000, John wrote:
Hi,
I'm a little confused about the modutils / modules security upgrade.
The announcement from SuSE stated that 6.4/7.0 are affected, as it's only more recent versions of modutils that are vulnerable.
However, the announcement on the kernel mailing list stated that modutils versions > 2.1.121 are vulnerable. Checking on my SuSE 6.1 system with /sbin/modprobe -V shows that it's running version 2.2.2-pre6.
So - are versions of SuSE prior to 6.4 vulnerable to this problem as well? If so, will suse be producing an upgrade, or do I need to upgrade modutils from source?
Since this bug needs ping6 to be exploited and this isnt shiped on <6.4, it could be hard to exploit. If paranoid, update modules package. It cant hurt you :) S.