|
linux root vulnerability
|
Thanks for the heads up!
|
okay I KNOW there are alot more Linux folks around here so bump it goes...
|
I bet they're busy upgrading their Linux machines. :)
|
I was sync my portage, but I just found out my gentoo box is unaffected :)
(only gentoo-sources vers 2.22-r2 kernels are unaffected) Anyway, while we're on the subject of upgrading. My SuSe online update wants to download 2 files: "a kernel optimized for athlon processors" at 129 MB !! "kernel sources" 43 MB !! Now the sources are significantly larger than official clean sources, but I assume that's because SuSe included some extra patches and stuff. But why on earth is the kernel itself (compiled I assume) 129 MB? Does anyone have any idea? |
Yeah, thanks for the heads up. Im not going to patch right now, for several reasons--it only affects local users, I am going to completely rebuild my affected box soon, and I dont want to kill my uptime until I do bring it down to rebuild. Bad security, yes, but I dont care much on this box anyways.
|
God damnit!
I run 30 linux boxen.... |
mmm...Gentoo.
/gloat |
i was gonna install linux on my other comp... now i'll wait.
|
Uhm... This doesn't really affect servers since they don't run code provided by unsecure sources. Unless of course you have a bunch of programmers SSHing into it for some crazy reason.
IE if you have a bunch of servers you don't have to rush to patch since all the exectuable code is provided by you. Only executable code can cause the overrun in root, The only way to break in would be to use another exploit first to gain control of an existing user mode process and then gain root. As long as all your user mode processes are secure your good to go. If you don't trust your user mode processes.... :hmm: |
| All times are GMT -8. The time now is 08:05 AM. |
Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2025, vBulletin Solutions, Inc.
Search Engine Optimization by vBSEO 3.6.0 PL2
© 2002-2012 Tilted Forum Project