--- Mathias Homann
See http://www.heise.de/newsticker/data/ju-20.03.03-000/ or http://www.securityfocus.com/archive/1/315635
Has this been discussed here already?
Yes, already by several people, and I seriously do not understand the silence from SuSE (even given CeBIT as an excuse). My short investigation showed that at least SuSE 7.3 and 8.1 default kernels (2.4.10 and 2.4.19, respectively) are vulnerable to this exploit, this is freely available on the web! And I do not understand statements like:
FYI, new GRsecurity 1.9.9d solves this problem.
Sure, there's even simpler way - one may just apply Alan Cox's patch to his kernel and happily go ahead, but I guess it's rather expected that SuSE provides a patched kernel rpms combined with usual official security notice... Or am I wrong? Eduard __________________________________________________ Do you Yahoo!? Yahoo! Platinum - Watch CBS' NCAA March Madness, live on your desktop! http://platinum.yahoo.com