Mailinglist Archive: opensuse-security (25 mails)

< Previous Next >
[opensuse-security] Re: [security-announce] New Linux kernel privilege escalation - heads up notice
  • From: Frank Steiner <fsteiner-mail1@xxxxxxxxxxxxxx>
  • Date: Fri, 06 Nov 2009 09:30:47 +0100
  • Message-id: <4AF3DEB7.8020801@xxxxxxxxxxxxxx>

Marcus Meissner wrote


A bug in the Linux kernels "pipe" system call implementation was found which
can be used by local attackers to gain root privileges.


The several days delay in getting Kernel updates out is due to kernel
QA taking around 4 days, as they include numbers of regressions, burn-in
and partner tests and careful evaluation of the generated results.

not meaning to offend anyone, but as far as I can see the patch for
this has been added on October 26th to the SuSE sources (SLE 10 SP2):

* Mon Oct 26 2009 - jkosina@xxxxxxx
- patches.fixes/fix-pipe-null-ptr.patch: fs: pipe.c null pointer
dereference (bnc#550001, CVE-2009-3547).

So couldn't the kernels have been out a week ago?


Dipl.-Inform. Frank Steiner Web:
Lehrstuhl f. Bioinformatik Mail:
LMU, Amalienstr. 17 Phone: +49 89 2180-4049
80333 Muenchen, Germany Fax: +49 89 2180-99-4049
* Rekursion kann man erst verstehen, wenn man Rekursion verstanden hat. *
To unsubscribe, e-mail: opensuse-security+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-security+help@xxxxxxxxxxxx

< Previous Next >
List Navigation
Follow Ups