Kernel security flaw??

NoOp glgxg at sbcglobal.net
Sun Feb 24 23:32:16 UTC 2008


On 02/24/2008 02:15 PM, JosephK wrote:
> On 16:47 Sun 24 Feb     , geoffrey froner wrote:
>> I saw the following report at the Gentoo site.  Not being an expert with
>> Linux, I am at a loss to understand the impact.  Is this something Ubuntu
>> users need be concerned?  Is there already a patch for this problem?
>> 
>> "Two *major security flaws in the Linux kernel* were reported last weekend.
>> Both flaws have the same impact (*root access for local users*) and both
>> exist within the vmsplice() system call, which was added to the kernel in
>> 2.6.17. There is no configuration option to exclude vmsplice() so *everyone
>> is vulnerable."
>> 
> This may be of interest
> 
> http://distrowatch.com/weekly.php?issue=20080218#feature
> 

This is actually of more interest:

http://www.ubuntu.com/usn
  http://www.ubuntu.com/usn/usn-577-1

Whenever you have a question about security it is always advisable to
have a look at http://www.ubuntu.com/usn first. It's also a good idea to
subscribe to, or look at the archvives of the security announce mailing
list:
http://www.ubuntu.com/usn
<quote>
These are the Ubuntu security notices that affect the current supported
releases of Ubuntu. These notices are also posted to the
ubuntu-security-announce mailing list (list archive). To report a
security vulnerability in an Ubuntu package, please contact
security at ubuntu.com
</quote>







More information about the ubuntu-users mailing list