Marcus Meissner wrote:
I'm not understanding what "this allocator in our shipping products" means. Could anyone please clarify?
Looking at <http://www.novell.com/linux/security/advisories/2005_29_kernel.html>, it seems at odds with the statement that Suse did not fix this issue.
On the 10th, following on a security upgrade notice, I upgraded several packages, including the kernel. (Actually, to say that I upgraded gives me too much credit... I just tried to click on the correct answers. :) So now my /boot/vmlinuz and /boot/initrd are both dated 2005-06-10. Does this mean that this exploit has been patched on my system? Is there a command which users can run to determine whether this exploit exists on their systems?
According to our kernel gurus this problem existed only in 2.6.12 development trees which we do not ship with any product.
So -> not affected.
Ciao, Marcus
Okay, I think I'm understanding: the OP thought (incorrectly) that <http://www.novell.com/linux/security/advisories/2005_29_kernel.html> addressed the mmap exploit when in fact it addresses different issues. The question remains: On the 10th, following on a security upgrade notice, I upgraded (via suse-watcher) several packages, including the kernel. ... So now my /boot/vmlinuz and /boot/initrd are both dated 2005-06-10. Does this mean that this [security upgrade referred to in <http://www.novell.com/linux/security/advisories/2005_29_kernel.html> has been performed] on my system? Is there a command which users can run to determine this...? thanks. -- A lot of us are working harder than we want, at things we don't like to do. Why? ...In order to afford the sort of existence we don't care to live. -- Bradford Angier