Mailinglist Archive: opensuse-security (25 mails)

[opensuse-security] Re: [security-announce] New Linux kernel privilege escalation - heads up notice
  • From: Frank Steiner <fsteiner-mail1@xxxxxxxxxxxxxx>
  • Date: Fri, 06 Nov 2009 09:30:47 +0100
  • Message-id: <4AF3DEB7.8020801@xxxxxxxxxxxxxx>
Hi,

Marcus Meissner wrote:

> Hi,
>
> A bug in the Linux kernel's "pipe" system call implementation was found which
> can be used by local attackers to gain root privileges.
>
> CVE-2009-3547
> http://www.openwall.com/lists/oss-security/2009/11/03/1
>
> The several days delay in getting Kernel updates out is due to kernel
> QA taking around 4 days, as they include numbers of regressions, burn-in
> and partner tests and careful evaluation of the generated results.

Not meaning to offend anyone, but as far as I can see the patch for
this has been added on October 26th to the SuSE sources (SLE 10 SP2):

* Mon Oct 26 2009 - jkosina@xxxxxxx
- patches.fixes/fix-pipe-null-ptr.patch: fs: pipe.c null pointer
dereference (bnc#550001, CVE-2009-3547).

So couldn't the kernels have been out a week ago?

cu,
Frank


--
Dipl.-Inform. Frank Steiner Web: http://www.bio.ifi.lmu.de/~steiner/
Lehrstuhl f. Bioinformatik Mail: http://www.bio.ifi.lmu.de/~steiner/m/
LMU, Amalienstr. 17 Phone: +49 89 2180-4049
80333 Muenchen, Germany Fax: +49 89 2180-99-4049
* You can only understand recursion once you have understood recursion. *