Not to show my ignorance, but after reading the info about this exploit, just how would my system come under attack by it? Is it embedded in some malicious java code on a website or contained in an email message that I don't read anyway? Just how would an attacker use this kernel exploit on my system?
Also, from the opensuse-security announcement: "Please note that these update channels contain "beta" quality updates, so are not recommended for production use systems. Only use the kernel."
WTF does that mean? If I have a production machine, don't apply the fix?
Fred
Fred,

For that exploit to work they would need to have local access to your machine and probably compiler privileges. If you're tight on security you shouldn't be affected; make sure your /tmp is noexec, nosuid and your scripts (Perl, PHP, etc.) are not vulnerable to remote file inclusion exploits.
> WTF does that mean? If I have a production machine, don't apply the fix?

That just means you're on your own until it reaches the updates channel, and you can't bug Novell if something goes wrong. Any beta product is not recommended for production use due to lack of testing, but I've seen many beta applications working in very large production systems.
-- Best regards, Nick Zeljkovic
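The /tmp mount-option check mentioned in the reply above, as an added example that is not part of the original messages. The function name `missing_opts` and the sample mount table are constructed for illustration; the sketch also reports on /dev/shm and /var/tmp, which goes beyond the /tmp case named in the thread.

```shell
#!/bin/sh
# Added example: report which hardening options a mount point lacks.
# Input is a mount table in /proc/mounts format:
#   device mountpoint fstype options dump pass

# missing_opts TABLE_FILE MOUNTPOINT OPT...
# Prints the missing options space-separated, "ok" if none are missing,
# or "not-a-mount" if MOUNTPOINT has no entry of its own (it then inherits
# the options of its parent filesystem, which this function does not check).
missing_opts() {
    table=$1; mp=$2; shift 2
    # Last matching entry wins: later mounts shadow earlier ones.
    opts=$(awk -v mp="$mp" '$2 == mp { o = $4 } END { print o }' "$table")
    if [ -z "$opts" ]; then
        echo "not-a-mount"
        return 0
    fi
    missing=""
    for want in "$@"; do
        # Wrap in commas so "suid" cannot match inside "nosuid".
        case ",$opts," in
            *",$want,"*) ;;
            *) missing="${missing:+$missing }$want" ;;
        esac
    done
    echo "${missing:-ok}"
}

# Constructed sample table (not taken from any real host).
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
/dev/sda2 / ext3 rw,relatime 0 0
/dev/sda3 /tmp ext3 rw,nosuid,relatime 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev,noexec 0 0
EOF

for mp in /tmp /dev/shm /var/tmp; do
    printf '%s: %s\n' "$mp" "$(missing_opts "$sample" "$mp" noexec nosuid)"
done
# On a live system: missing_opts /proc/mounts /tmp noexec nosuid
```

A "not-a-mount" result means the directory sits on its parent filesystem, so the options to check are those of the parent mount.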