Mailinglist Archive: opensuse-security-announce (11 mails)

< Previous Next >
[security-announce] Heads up on vmsplice local root exploit (CVE-2008-0600)
  • From: Marcus Meissner <meissner@xxxxxxx>
  • Date: Mon, 11 Feb 2008 17:08:46 +0100
  • Message-id: <20080211160846.GA25258@xxxxxxx>
Hi folks,

As you are undoubtly aware a new local root exploit has been
discovered on the weekend and reported to a wide audience.

The CVE identifier is CVE-2008-0600.

The problem affects only kernels 2.6.17 and newer, so it affects
only following of our products:
- openSUSE 10.2 (2.6.18.x kernel)
- openSUSE 10.3 (2.6.22.x kernel)


This problem does NOT affect all others products:
- SUSE Linux 10.1 (2.6.16.x kernel)
- SUSE Linux Enterprise 10 (2.6.16.x kernel)
- SUSE Linux Enterprise Server 9 (2.6.5 kernel)
- Novell Linux Desktop 9 (2.6.5 kernel)
- SUSE Linux Enterprise Server 8 (2.4.21 kernel)



Updates are in preparation for openSUSE 10.2 and 10.3 and will hopefully
be released tomorrow (Tuesday) morning german time.


Test kernel updates are available in our Online Update Betatest Repositories:
- openSUSE 10.3: http://download.opensuse.org/update/10.3-test/
kernel version-release of fixed kernel: 2.6.22.17-0.1

- openSUSE 10.2: ftp://ftp.suse.com/pub/suse/update/10.2-test/
kernel version-release of fixed kernel: 2.6.18.8-0.9

Please note that these update channels contain "beta" quality updates,
so are not recommended for production use systems. Only use the kernel.

Ciao, Marcus
< Previous Next >
This Thread
  • No further messages