Hi list, in addition (and in opposite to what was posted on www.heise.de) kernel-versions 2.2.x are also affected - I tested it on two different machines. Just to inform you...
And again SuSE-people (with a Hello! to Roman ;)): when will we get an update? I am not asking for 2.2.x, but for 2.4.x and 2.6.x kernels...
The bug is classified "Gravierend" in Heise Newsticker, which I do not fully comply with. This is a post-auth local DoS that there exist many of these days. All of those have a simple cure: userdel -r. We have heard of it shortly before the weekend, and we're working on it. There are some more bugs that are to be considered more serious, from a more objective standpoint - we will include the fixes for these with even more pressure.
Greetz Christoph
Thanks, Roman.