On Sun, Feb 10, 2008 at 11:41:44PM +0100, Carlos E. R. wrote:
Hi,
I post this on request of another lister from the Spanish mail list; I don't have personal knowledge of this problem. I would like to see comments on this.
The vulnerability allows a user to become root with any kernel newer than 2.6.17 with vmsplice compiled in. Opensuse 10.3 is affected. A remote attacker gaining access as an unprivileged user (flash hack?) could get root privilege's.
Solutions:
This problem affects both openSUSE 10.2 and 10.3, older products did not have vmsplice and so are not affected. Theoretically the KOTD should have the fix already, but it is not syncing due to other problems. An update will released probably Monday or Tuesday. Ciao, Marcus --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org