Hi, Marcus Meissner wrote
Hi,
A bug in the Linux kernels "pipe" system call implementation was found which can be used by local attackers to gain root privileges.
CVE-2009-3547 http://www.openwall.com/lists/oss-security/2009/11/03/1
The several days delay in getting Kernel updates out is due to kernel QA taking around 4 days, as they include numbers of regressions, burn-in and partner tests and careful evaluation of the generated results.
not meaning to offend anyone, but as far as I can see the patch for this has been added on October 26th to the SuSE sources (SLE 10 SP2): * Mon Oct 26 2009 - jkosina@suse.de - patches.fixes/fix-pipe-null-ptr.patch: fs: pipe.c null pointer dereference (bnc#550001, CVE-2009-3547). So couldn't the kernels have been out a week ago? cu, Frank -- Dipl.-Inform. Frank Steiner Web: http://www.bio.ifi.lmu.de/~steiner/ Lehrstuhl f. Bioinformatik Mail: http://www.bio.ifi.lmu.de/~steiner/m/ LMU, Amalienstr. 17 Phone: +49 89 2180-4049 80333 Muenchen, Germany Fax: +49 89 2180-99-4049 * Rekursion kann man erst verstehen, wenn man Rekursion verstanden hat. * -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org