From: Frank Steiner [mailto:fsteiner-mail@bio.ifi.lmu.de]
Marcus Meissner wrote
If it applies and builds correctly, yes.
Ok, thanks!
However, the full final approved fix for all the issues involved might be still pending.
Yes, I'm aware of the difference of my self-patched kernel and an official SuSE release :-) No question that you do the more intensive and better testing! I just want a quick fix for now and don't mind to upgrade again after you've released the official update, possibly with more fixes.
An immediate hotfix that requires no patching or updates is to disable core dumps. As mentioned in http://www.isec.pl/vulnerabilities/isec-0023-coredump.txt (This is from the guy who discovered this problem - see http://secunia.com/advisories/15341 ) "A hotfix for this vulnerability is to disallow processes to drop core. This can be accomplished by setting the hard core size limit for users to 0 (e.g. ulimit -H -c 0, man limits.conf)."