Mailinglist Archive: opensuse (3572 mails)

[Aaron Kulkis <akulkis00@xxxxxxxxxx>]

Stevens wrote:
> Not to show my ignorance, but after reading the info
> about this exploit, just how would my system come 
> under attack by it? Is it embedded in some malicious
> java code on a website or contained in an email
> message that I don't read anyway? Just how would an
> attacker use this kernel exploit on my system?

Someone has to get the code onto your system,
and then run it.

If you do NOT have other people logging onto the
system, then the exploit by itself is not a threat --
it MUST be combined with one or more other exploits
to:
1) get it onto your system
2) execute it.


> Also, from the opensuse-security announcement:
> "Please note that these update channels contain "beta" 
> quality updates, so are not recommended for production use 
> systems. Only use the kernel."
>
> WTF does that mean? If I have a production machine, don't
> apply the fix?

In general, I wouldn't, no.
POSSIBLY for a multi-user machine on which people are
logging in and using a shell or GUI, in undergraduate
students or younger are users, I would upgrade the
kernel.

But in general, no, especially for business.
I'll trust employees more than a "beta" patch.
Better quality fixes will be available shortly.

> Fred



--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx