As you are undoubtly aware a new local root exploit has been
discovered on the weekend and reported to a wide audience.
The CVE identifier is CVE-2008-0600.
The problem affects only kernels 2.6.17 and newer, so it affects
only following of our products:
- openSUSE 10.2 (2.6.18.x kernel)
- openSUSE 10.3 (2.6.22.x kernel)
This problem does NOT affect all others products:
- SUSE Linux 10.1 (2.6.16.x kernel)
- SUSE Linux Enterprise 10 (2.6.16.x kernel)
- SUSE Linux Enterprise Server 9 (2.6.5 kernel)
- Novell Linux Desktop 9 (2.6.5 kernel)
- SUSE Linux Enterprise Server 8 (2.4.21 kernel)
Updates are in preparation for openSUSE 10.2 and 10.3 and will hopefully
be released tomorrow (Tuesday) morning german time.
Test kernel updates are available in our Online Update Betatest Repositories:
- openSUSE 10.3: http://download.opensuse.org/update/10.3-test/
kernel version-release of fixed kernel: 22.214.171.124-0.1
- openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2-test/
kernel version-release of fixed kernel: 126.96.36.199-0.9
Please note that these update channels contain "beta" quality updates,
so are not recommended for production use systems. Only use the kernel.