Kernel security flaw??
NoOp
glgxg at sbcglobal.net
Sun Feb 24 23:32:16 UTC 2008
On 02/24/2008 02:15 PM, JosephK wrote:
> On 16:47 Sun 24 Feb , geoffrey froner wrote:
>> I saw the following report at the Gentoo site. Not being an expert with
>> Linux, I am at a loss to understand the impact. Is this something Ubuntu
>> users need be concerned? Is there already a patch for this problem?
>>
>> "Two *major security flaws in the Linux kernel* were reported last weekend.
>> Both flaws have the same impact (*root access for local users*) and both
>> exist within the vmsplice() system call, which was added to the kernel in
>> 2.6.17. There is no configuration option to exclude vmsplice() so *everyone
>> is vulnerable."
>>
> This may be of interest
>
> http://distrowatch.com/weekly.php?issue=20080218#feature
>
This is actually of more interest:
http://www.ubuntu.com/usn
http://www.ubuntu.com/usn/usn-577-1
Whenever you have a question about security it is always advisable to
have a look at http://www.ubuntu.com/usn first. It's also a good idea to
subscribe to, or look at the archvives of the security announce mailing
list:
http://www.ubuntu.com/usn
<quote>
These are the Ubuntu security notices that affect the current supported
releases of Ubuntu. These notices are also posted to the
ubuntu-security-announce mailing list (list archive). To report a
security vulnerability in an Ubuntu package, please contact
security at ubuntu.com
</quote>
More information about the ubuntu-users
mailing list