Stevens wrote:
Not to show my ignorance, but after reading the info about this exploit, just how would my system come under attack by it? Is it embedded in some malicious java code on a website or contained in an email message that I don't read anyway? Just how would an attacker use this kernel exploit on my system?
Someone has to get the code onto your system, and then run it. If you do NOT have other people logging onto the system, then the exploit by itself is not a threat -- it MUST be combined with one or more other exploits to: 1) get it onto your system 2) execute it.
Also, from the opensuse-security announcement: "Please note that these update channels contain "beta" quality updates, so are not recommended for production use systems. Only use the kernel."
WTF does that mean? If I have a production machine, don't apply the fix?
In general, I wouldn't, no. POSSIBLY for a multi-user machine on which people are logging in and using a shell or GUI, in undergraduate students or younger are users, I would upgrade the kernel. But in general, no, especially for business. I'll trust employees more than a "beta" patch. Better quality fixes will be available shortly.
Fred
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org